Sujet Précédent Sujet Suivant

Processeur qui marche a fond - pc qui rame

Fermé
jazjaz Messages postés 74 Statut Membre -  
jazjaz Messages postés 74 Statut Membre -
Bonsoir a tous,
voila depuis quelques temps mon pc ( le processeur ) tourne a fooooond donc le pc rame j'ai suivi la piste du virus/trojan j'ai fait des scan avec mon anti virus (Avira) et Spybot et Malwarebytes en mode normal et sans echec mais j'ai trouver aucune menace mais en ouvrant le gestionnaire de tache puis en allant voir Processus j'ai vu qu'il y'avais un certain Svchost.exe qui est ouvert en plusieurs exemplaire et qui bouffe toutes la memoire ce qui explique le pc qui devien lent et qui rame donc svp si quelqu'un pouvait m'aider a me debarasser de sa je suis preneur

PS : j'ai les mise a jour desactivé

A voir également:

9 réponses

Réponse 1 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonjour, on va vérifier tout ça

◊◊◊ Télécharge OTL sur ton Bureau. ◊◊◊

♦ Double-clique sur l'icône pour le lancer. Assure toi que toutes les autres fenêtres de Windows soient fermées et de le laisser travailler.
♦ Lorsque la fenêtre apparaît, cochez Rapport minimal sous Rapport en haut de la fenêtre.
♦ Coche les cases Recherche Lop et Recherche purity. en bas de la fenêtre:
♦ Sous la zone Personnalisation, copie/colle ceci : 

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


♦Clique sur le bouton Run Scan. Ne chance aucun paramètre si on ne te l'a pas demandé. L'analyse prendra peu de temps.
♦ Une fois l'analyse terminée, cela ouvrira deux fenêtres du Bloc-notes Windows : OTL.txt et Extras.txt. Ils sont sauvegardés au même endroit que OtL.
♦ Copie/colle (Éditer -> Sélectionner Tout, Éditer -> Copier) le contenu des deux fichiers ici, un par message stp.

0
Réponse 2 / 9
jazjaz Messages postés 74 Statut Membre 1
 
bonsoir ; merci pour l'aide

voila le contenu de OTL

OTL logfile created on: 01/05/2010 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = D:\Users\ushi\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 12,70 Gb Total Space | 2,17 Gb Free Space | 17,06% Space Free | Partition Type: NTFS
Drive D: | 31,25 Gb Total Space | 2,01 Gb Free Space | 6,44% Space Free | Partition Type: NTFS
Drive E: | 32,74 Gb Total Space | 5,28 Gb Free Space | 16,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USHI-PC
Current User Name: ushi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - D:\Users\ushi\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Program Files\VideoLAN\VLC\vlc.exe ()
PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - D:\Program Files\XpertVision\TBPANEL.exe (Xpertvision, Inc.)
PRC - D:\Windows\soundman.exe (Realtek Semiconductor Corp.)
PRC - E:\Program Files\Screamer Radio\screamer.exe (Steamcore.se)

[color=#E56717]========== Modules (SafeList) ==========/color

MOD - D:\Users\ushi\Desktop\OTL.exe (OldTimer Tools)
MOD - D:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - D:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - D:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - D:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - D:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - D:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - D:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - D:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - D:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - D:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - D:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - D:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.0_none_d75e6751736615f2\comctl32.dll (Microsoft Corporation)

[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - (WatAdminSvc) -- D:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- c:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WwanSvc) -- D:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- D:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- D:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- D:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- D:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- D:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- D:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- D:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- D:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- D:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- D:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- D:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- D:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- D:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) Programme d'installation ActiveX (AxInstSV) -- D:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- D:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- D:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - (avgntflt) -- D:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- D:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- D:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (adp94xx) -- D:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci) -- D:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (elxstor) -- D:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (iaStorV) -- D:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (amdsbs) -- D:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- D:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (MegaSR) -- D:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (arcsas) -- D:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (nvstor) -- D:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (KSecPkg) -- D:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (nvraid) -- D:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (LSI_FC) -- D:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SCSI) -- D:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (amdsata) -- D:\Windows\system32\DRIVERS\amdsata.sys (AMD)
DRV - (LSI_SAS) -- D:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (arc) -- D:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (aic78xx) -- D:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- D:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (LSI_SAS2) -- D:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (FsDepends) -- D:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (nfrd960) -- D:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (pcw) -- D:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (amdxata) -- D:\Windows\system32\DRIVERS\amdxata.sys (AMD)
DRV - (cmdide) -- D:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- D:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (iirsp) -- D:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- D:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (ql2300) -- D:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (vmbus) -- D:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (rdyboost) -- D:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (hwpolicy) -- D:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (vhdmp) -- D:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vsmraid) -- D:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- D:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- D:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (storflt) -- D:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- D:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (vdrvroot) -- D:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (stexstor) -- D:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (WIMMount) -- D:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- D:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (CNG) -- D:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- D:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- D:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- D:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- D:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- D:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- D:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- D:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- D:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- D:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- D:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- D:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- D:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- D:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- D:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- D:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- D:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- D:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- D:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- D:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- D:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- D:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- D:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- D:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- D:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8023xp) -- D:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ebdrv) -- D:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- D:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x) -- D:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (avipbb) -- D:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tap0901) -- D:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (UsbserFilt) -- D:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- D:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- D:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- D:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- D:\Windows\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (TBPanel) -- D:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)

[color=#E56717]========== Standard Registry (SafeList) ==========/color

[color=#E56717]========== Internet Explorer ==========/color

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.msn.com/fr-fr?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 B4 E5 AE 35 C8 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========/color

FF - prefs.js..browser.search.defaultthis.engineName: "Lockerz Wave Updater Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2553240&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Lockerz Wave Updater Customized Web Search"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {0d6451b1-a91e-435e-ba58-134ec4797456}:2.5.8.6

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: D:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/12 00:31:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/01 04:25:22 | 000,000,000 | ---D | M]

[2010/02/18 01:40:25 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\mozilla\Extensions
[2010/05/01 14:23:11 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\mozilla\Firefox\Profiles\l1bl7lq0.default\extensions
[2010/04/12 00:03:57 | 000,000,000 | ---D | M] (Lockerz Wave Updater Toolbar) -- D:\Users\ushi\AppData\Roaming\mozilla\Firefox\Profiles\l1bl7lq0.default\extensions\{0d6451b1-a91e-435e-ba58-134ec4797456}
[2010/04/28 21:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\ushi\AppData\Roaming\mozilla\Firefox\Profiles\l1bl7lq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 22:14:21 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\mozilla\Firefox\Profiles\l1bl7lq0.default\extensions\autofillForms@blueimp.net
[2010/04/09 01:32:54 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\mozilla\Firefox\Profiles\l1bl7lq0.default\extensions\firebug@software.joehewitt.com
[2010/04/02 15:09:44 | 000,000,943 | ---- | M] () -- D:\Users\ushi\AppData\Roaming\Mozilla\FireFox\Profiles\l1bl7lq0.default\searchplugins\conduit.xml
[2010/02/16 23:36:45 | 000,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2010/04/07 00:35:31 | 000,001,516 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/04/07 00:35:31 | 000,001,822 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 00:35:31 | 000,000,757 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/04/07 00:35:31 | 000,001,426 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 00:35:31 | 000,000,956 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/03/20 17:31:18 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - e:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Gainward] D:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] c:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] D:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download with &Shareaza - e:\program files\shareaza\razawebhook32.dll (Shareaza Development Team)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/16 13:54:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 17:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - D:\Windows\System32\ias [2009/04/22 08:17:33 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - D:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: BDESVC - D:\Windows\System32\bdesvc.dll (Microsoft Corporation)
NetSvcs: Themes - D:\Windows\System32\themeservice.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2010/05/01 22:35:52 | 000,570,880 | ---- | C] (OldTimer Tools) -- D:\Users\ushi\Desktop\OTL.exe
[2010/05/01 13:47:44 | 000,000,000 | ---D | C] -- D:\Windows\SoftwareDistribution
[2010/05/01 04:34:29 | 000,000,000 | ---D | C] -- D:\Users\ushi\AppData\Roaming\Malwarebytes
[2010/05/01 04:34:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/01 04:34:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2010/05/01 04:34:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2010/04/12 00:30:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Apple Computer
[2010/04/12 00:29:12 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2010/04/12 00:28:57 | 000,000,000 | ---D | C] -- D:\Users\ushi\AppData\Local\Apple
[2010/04/12 00:28:48 | 000,000,000 | ---D | C] -- D:\Program Files\Apple Software Update
[2010/04/12 00:28:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Apple
[2010/04/08 14:51:11 | 000,000,000 | ---D | C] -- D:\Users\ushi\AppData\Roaming\Nero
[2010/04/08 14:47:31 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- D:\Windows\System32\imagXRA7.dll
[2010/04/08 14:47:31 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- D:\Windows\System32\imagXpr7.dll
[2010/04/08 14:47:31 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- D:\Windows\System32\TwnLib4.dll
[2010/04/08 14:47:31 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- D:\Windows\System32\imagXR7.dll
[2010/04/08 14:47:30 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- D:\Windows\System32\imagX7.dll
[2010/04/08 14:47:29 | 000,000,000 | ---D | C] -- D:\ProgramData\Nero
[2010/04/08 14:47:29 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Nero
[2010/04/04 23:52:49 | 000,000,000 | ---D | C] -- D:\ProgramData\Soulseek

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2010/05/01 22:40:46 | 002,097,152 | -HS- | M] () -- D:\Users\ushi\NTUSER.DAT
[2010/05/01 22:36:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\Users\ushi\Desktop\OTL.exe
[2010/05/01 22:16:05 | 000,001,072 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4190494208-761756063-4007630184-1000UA.job
[2010/05/01 21:20:08 | 001,524,364 | ---- | M] () -- D:\Windows\System32\PerfStringBackup.INI
[2010/05/01 21:20:08 | 000,684,756 | ---- | M] () -- D:\Windows\System32\perfh00C.dat
[2010/05/01 21:20:08 | 000,606,992 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2010/05/01 21:20:08 | 000,126,674 | ---- | M] () -- D:\Windows\System32\perfc00C.dat
[2010/05/01 21:20:08 | 000,103,370 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2010/05/01 21:17:51 | 000,019,712 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 21:17:51 | 000,019,712 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 21:16:11 | 000,000,544 | ---- | M] () -- D:\Windows\DFC.INI
[2010/05/01 21:15:48 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2010/05/01 21:15:41 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2010/05/01 21:15:39 | 1610,063,872 | -HS- | M] () -- D:\hiberfil.sys
[2010/05/01 14:40:33 | 000,023,762 | ---- | M] () -- D:\Users\ushi\Desktop\15366_1074376639733_1835727286_157936_2598798_n.jpg
[2010/05/01 06:16:00 | 000,001,020 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4190494208-761756063-4007630184-1000Core.job
[2010/05/01 04:34:21 | 000,000,680 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 03:57:01 | 000,014,237 | ---- | M] () -- D:\Users\ushi\Desktop\Human Traffic French Dvdrip Divx [www.play-the.net].torrent
[2010/05/01 03:55:24 | 000,014,285 | ---- | M] () -- D:\Users\ushi\Desktop\Les démons de jesus,French,Dvdrip,Xvid [www.play-the.net].torrent
[2010/05/01 03:54:17 | 000,014,247 | ---- | M] () -- D:\Users\ushi\Desktop\Wayne's world 2 Truefrench DVDRip XViD-RLD [www.play-the.net].torrent
[2010/04/30 19:53:34 | 000,022,360 | ---- | M] () -- D:\Users\ushi\Desktop\30668_401642887896_243865797896_4107224_699449_n.jpg
[2010/04/30 17:38:40 | 000,000,069 | ---- | M] () -- D:\Windows\NeroDigital.ini
[2010/04/30 16:15:51 | 000,017,710 | ---- | M] () -- D:\Users\ushi\Desktop\Photoshop Extended CS4 Fr [www.play-the.net].torrent
[2010/04/30 04:05:41 | 000,940,019 | -H-- | M] () -- D:\Users\ushi\AppData\Local\IconCache.db
[2010/04/30 02:50:36 | 000,008,644 | ---- | M] () -- D:\Users\ushi\Desktop\31084_416692007237_250129347237_5227371_1456811_n.jpg
[2010/04/30 00:34:59 | 000,028,712 | ---- | M] () -- D:\Users\ushi\Desktop\30854_112990992074956_112850748755647_76510_2265386_n.jpg
[2010/04/29 17:39:14 | 000,003,582 | ---- | M] () -- D:\Users\ushi\Desktop\amri0809hh3.jpg
[2010/04/29 01:16:31 | 000,002,208 | ---- | M] () -- D:\Users\ushi\Desktop\Google Chrome.lnk
[2010/04/28 13:14:28 | 000,023,586 | ---- | M] () -- D:\Users\ushi\Desktop\24738_1252916169919_1439995353_30545929_2135633_n.jpg
[2010/04/28 13:14:16 | 000,024,000 | ---- | M] () -- D:\Users\ushi\Desktop\12328_1463730391944_1194026658_1366339_2751838_n.jpg
[2010/04/22 22:57:45 | 000,014,223 | ---- | M] () -- D:\Users\ushi\Desktop\Jeux d Enfants French Dvdrip Xvid [www.play-the.net].torrent
[2010/04/22 00:21:36 | 000,004,608 | ---- | M] () -- D:\Users\ushi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 14:02:43 | 000,000,193 | ---- | M] () -- D:\Windows\WORDPAD.INI
[2010/04/08 14:47:55 | 000,000,819 | ---- | M] () -- D:\Users\Public\Desktop\Nero Express.lnk

[color=#E56717]========== Files Created - No Company Name ==========/color

[2010/05/01 14:40:33 | 000,023,762 | ---- | C] () -- D:\Users\ushi\Desktop\15366_1074376639733_1835727286_157936_2598798_n.jpg
[2010/05/01 04:34:21 | 000,000,680 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 03:57:00 | 000,014,237 | ---- | C] () -- D:\Users\ushi\Desktop\Human Traffic French Dvdrip Divx [www.play-the.net].torrent
[2010/05/01 03:55:24 | 000,014,285 | ---- | C] () -- D:\Users\ushi\Desktop\Les démons de jesus,French,Dvdrip,Xvid [www.play-the.net].torrent
[2010/05/01 03:54:17 | 000,014,247 | ---- | C] () -- D:\Users\ushi\Desktop\Wayne's world 2 Truefrench DVDRip XViD-RLD [www.play-the.net].torrent
[2010/04/30 19:53:34 | 000,022,360 | ---- | C] () -- D:\Users\ushi\Desktop\30668_401642887896_243865797896_4107224_699449_n.jpg
[2010/04/30 16:15:51 | 000,017,710 | ---- | C] () -- D:\Users\ushi\Desktop\Photoshop Extended CS4 Fr [www.play-the.net].torrent
[2010/04/30 02:50:36 | 000,008,644 | ---- | C] () -- D:\Users\ushi\Desktop\31084_416692007237_250129347237_5227371_1456811_n.jpg
[2010/04/30 00:34:58 | 000,028,712 | ---- | C] () -- D:\Users\ushi\Desktop\30854_112990992074956_112850748755647_76510_2265386_n.jpg
[2010/04/29 17:39:14 | 000,003,582 | ---- | C] () -- D:\Users\ushi\Desktop\amri0809hh3.jpg
[2010/04/28 13:14:27 | 000,023,586 | ---- | C] () -- D:\Users\ushi\Desktop\24738_1252916169919_1439995353_30545929_2135633_n.jpg
[2010/04/28 13:14:15 | 000,024,000 | ---- | C] () -- D:\Users\ushi\Desktop\12328_1463730391944_1194026658_1366339_2751838_n.jpg
[2010/04/22 22:57:45 | 000,014,223 | ---- | C] () -- D:\Users\ushi\Desktop\Jeux d Enfants French Dvdrip Xvid [www.play-the.net].torrent
[2010/04/22 00:20:24 | 000,004,608 | ---- | C] () -- D:\Users\ushi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 03:50:56 | 000,000,069 | ---- | C] () -- D:\Windows\NeroDigital.ini
[2010/04/08 14:47:55 | 000,000,819 | ---- | C] () -- D:\Users\Public\Desktop\Nero Express.lnk
[2010/03/30 03:49:36 | 000,004,366 | ---- | C] () -- D:\Windows\wininit.ini
[2010/03/20 08:18:26 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2010/02/16 22:38:59 | 000,000,544 | ---- | C] () -- D:\Windows\DFC.INI
[2010/02/16 20:24:48 | 000,143,360 | R--- | C] () -- D:\Windows\System32\RtlCPAPI.dll
[2009/04/22 05:50:07 | 000,073,216 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/04/22 05:40:32 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/04/22 05:34:32 | 000,193,024 | ---- | C] () -- D:\Windows\System32\sppcomapi.dll

[color=#E56717]========== LOP Check ==========/color

[2010/03/22 02:09:13 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\AnvSoft
[2010/04/25 17:48:55 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\Audacity
[2010/03/02 11:30:54 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\DMCache
[2010/03/14 17:33:10 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\Shareaza
[2010/03/02 12:51:29 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\TS3Client
[2010/02/19 01:26:00 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\TuneUp Software
[2010/05/01 22:40:41 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\uTorrent
[2010/04/01 00:36:58 | 000,000,000 | ---D | M] -- D:\Users\ushi\AppData\Roaming\XLink Kai
[2010/05/01 21:11:46 | 000,019,754 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========/color

[color=#E56717]========== Custom Scans ==========/color

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color

[color=#A23BEC]< MD5 for: AGP440.SYS >/color
[2009/04/22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- D:\Windows\System32\drivers\AGP440.sys
[2009/04/22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009/04/22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >/color
[2009/04/22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- D:\Windows\System32\drivers\atapi.sys
[2009/04/22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009/04/22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >/color
[2009/04/22 05:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- D:\Windows\System32\drivers\cdrom.sys
[2009/04/22 05:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- D:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_979e56719b05c594\cdrom.sys
[2009/04/22 05:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- D:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7100.0_none_d09c5443f8dd3b93\cdrom.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >/color
[2009/04/22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- D:\Windows\System32\cngaudit.dll
[2009/04/22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS >/color
[2009/04/22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- D:\Windows\System32\drivers\iaStorV.sys
[2009/04/22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/04/22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >/color
[2009/04/22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- D:\Windows\System32\netlogon.dll
[2009/04/22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >/color
[2009/04/22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- D:\Windows\System32\drivers\nvstor.sys
[2009/04/22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009/04/22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >/color
[2009/04/22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- D:\Windows\System32\scecli.dll
[2009/04/22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#E56717]========== Alternate Data Streams ==========/color

@Alternate Data Stream - 16 bytes -> D:\Users\ushi\Downloads:Shareaza.GUID

< End of report >
0
Réponse 3 / 9
jazjaz Messages postés 74 Statut Membre 1
 
Voila le contenu de Extra

OTL Extras logfile created on: 01/05/2010 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = D:\Users\ushi\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 12,70 Gb Total Space | 2,17 Gb Free Space | 17,06% Space Free | Partition Type: NTFS
Drive D: | 31,25 Gb Total Space | 2,01 Gb Free Space | 6,44% Space Free | Partition Type: NTFS
Drive E: | 32,74 Gb Total Space | 5,28 Gb Free Space | 16,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USHI-PC
Current User Name: ushi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{87C24822-389C-45AA-9E75-0757B8F1A892}" = XLink Kai
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = Configuration DivX
"eMule" = eMule
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shareaza_is1" = Shareaza 2.5.0.0
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Installation Windows Live
"XpertVision_is1" = XpertVision 4.6

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30/04/2010 22:03:12 | Computer Name = ushi-PC | Source = Winlogon | ID = 4103
Description = Echec de l'activation de la licence Windows. Erreur 0x80070005.

Error - 30/04/2010 22:24:55 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 1017
Description = L'installation de la preuve d'achat a échoué. 0xC004F015 Pkey partiel=HYRR2
ACID=7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Erreur
détaillée[?]

Error - 30/04/2010 22:28:19 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 1017
Description = L'installation de la preuve d'achat a échoué. 0xC004F015 Pkey partiel=HYRR2
ACID=7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Erreur
détaillée[?]

Error - 30/04/2010 22:29:25 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 1017
Description = L'installation de la preuve d'achat a échoué. 0xC004F050 Pkey partiel=V3B49
ACID=?
Erreur
détaillée[?]

Error - 30/04/2010 22:29:34 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 8211
Description = Les jetons de clé de produit et licence Windows mis à jour ont échoué
avec le code d'erreur 0xC004F050.

Error - 30/04/2010 22:49:50 | Computer Name = ushi-PC | Source = Winlogon | ID = 4103
Description = Echec de l'activation de la licence Windows. Erreur 0x80070005.

Error - 30/04/2010 22:55:28 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 1017
Description = L'installation de la preuve d'achat a échoué. 0xC004F015 Pkey partiel=HYRR2
ACID=7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Erreur
détaillée[?]

Error - 30/04/2010 22:55:46 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 1017
Description = L'installation de la preuve d'achat a échoué. 0xC004F050 Pkey partiel=V3B49
ACID=?
Erreur
détaillée[?]

Error - 30/04/2010 22:55:51 | Computer Name = ushi-PC | Source = Software Protection Platform Service | ID = 8211
Description = Les jetons de clé de produit et licence Windows mis à jour ont échoué
avec le code d'erreur 0xC004F050.

Error - 01/05/2010 15:15:57 | Computer Name = ushi-PC | Source = Winlogon | ID = 4103
Description = Echec de l'activation de la licence Windows. Erreur 0x80070005.

[ System Events ]
Error - 01/05/2010 15:11:59 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7034
Description = Le service Hôte du fournisseur de découverte de fonctions s'est terminé
de façon inattendue pour la 1ème fois.

Error - 01/05/2010 15:11:59 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7031
Description = Le service Service Liste des réseaux s'est terminé de manière inattendue.
Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans
100 millisecondes : Redémarrer le service.

Error - 01/05/2010 15:11:59 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7031
Description = Le service Service Interface du magasin réseau s'est terminé de manière
inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée
dans 300000 millisecondes : Redémarrer le service.

Error - 01/05/2010 15:11:59 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7034
Description = Le service Service hôte WDIServiceHost s'est terminé de façon inattendue
pour la 1ème fois.

Error - 01/05/2010 15:12:10 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7034
Description = Le service Windows Defender s'est terminé de façon inattendue pour
la 3ème fois.

Error - 01/05/2010 15:13:46 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Explorateur
d'ordinateurs, mais cette action a échoué en raison de l'erreur suivante : %%1056

Error - 01/05/2010 15:13:46 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Serveur,
mais cette action a échoué en raison de l'erreur suivante : %%1056

Error - 01/05/2010 15:13:54 | Computer Name = ushi-PC | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Journal
d'événements Windows, mais cette action a échoué en raison de l'erreur suivante :
%%1056

Error - 01/05/2010 15:15:43 | Computer Name = ushi-PC | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 21:15:06 le ?01/?05/?2010 n'était pas
prévu.

Error - 01/05/2010 15:15:44 | Computer Name = USHI-PC | Source = BugCheck | ID = 1001
Description =

< End of report >
0
Réponse 4 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
il me faut surtout l'autre rapport OTL.txt

Utiliser https://www.cjoint.com/ pour poster les rapports.
Merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
jazjaz Messages postés 74 Statut Membre 1
 
le voila http://cjoint.com/data/fbw7t0CIkN.htm
0
Réponse 6 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
ok pas grand chose sur ton rapport,

mais il tee faut tout de même faire ce qui suit :)

◊◊◊Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX) ◊◊◊

Miroir:
https://www.androidworld.fr/

/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

♦ DDésactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

♦ Double-clique sur l'icône Ad-remover située sur ton Bureau.
♦ Sur la page, clique sur le bouton « Nettoyer »
♦ Confirme lancement du scan
♦ Laisse travailler l'outil.
♦ Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Ensuite

◊◊◊ Télécharge Ccleaner ◊◊◊

♦ Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69

◊◊◊ Télécharge Malwarebytes ◊◊◊

Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68

♦ Installe le
♦ Lance malwarebytes
♦ Coche "Exécuter un examen complet"
♦ Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
♦ Clique sur Supprimer la sélection
♦ Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
♦ Fait copier coller et poste le rapport

Utiliser https://www.cjoint.com/ pour poster les rapports.
Merci

0
Réponse 7 / 9
jazjaz Messages postés 74 Statut Membre 1
 
Voila le raport

http://cjoint.com/data/fbxYjRvrzS.htm
0
jazjaz Messages postés 74 Statut Membre 1
 
c'est le raport de Ad-R

le raport de malwarebytes va venir

merci encore pour l'aide
0
Réponse 8 / 9
delta
 
Bonsoir,
son problème viens surtout que son Windows n'est pas ativé et qu'il est en plus reconnu comme OS piraté, qu'il n'a pas réussi l'activation et que peut être que le délai est dépassé
0
Réponse 9 / 9
jazjaz Messages postés 74 Statut Membre 1
 
voila le raport de malwarebyte

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.1.7100
Internet Explorer 8.0.7100.0

02/05/2010 00:49:03
mbam-log-2010-05-02 (00-49-03).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 175429
Temps écoulé: 41 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{D647EF3F-24C9-4977-96FC-00C58EF67767}\RP0\A0000110.exe (Malware.Tool) -> Quarantined and deleted successfully.
E:\Ushi documents\logiciels\Windows 7 Activation Kit - Mettre Windows 7 Genuine 100%\AutoPlay\Docs\Windows 7 Ultimate Keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
0