Lsass.exe

Closed
Shalice - 15 Jan 2011 at 13:45
Shalice - 15 Jan 2011 at 18:53
Hello,

For several days I have had a problem related to the lsass.exe process. I have already tried several of the solutions suggested in other posts on your site. None of them worked. FxSasser from Secuser.com does not find it. And I am not confusing lsass.exe with isass.exe either...
So I installed HijackThis and I am copying the results here for you...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:45, on 15/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sha\Mes documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
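The post above hinges on the lsass.exe / isass.exe question and on where the listed processes run from. As an added example (not part of the original thread), the following script parses the "Running processes" section of a HijackThis log and flags critical system binaries that run outside system32, lookalike names built from confusable characters, and single-instance processes that appear twice; the sample log it scans is constructed for the example.

```python
from typing import Dict, List, Tuple

# Critical Windows XP system processes and the one directory they legitimately run from.
# Comparison is case-insensitive (HijackThis prints System32 and system32 interchangeably).
EXPECTED_DIR = r"c:\windows\system32"
CRITICAL = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# On an XP workstation these three run exactly once; a second copy is worth a look.
SINGLE_INSTANCE = ("smss.exe", "services.exe", "lsass.exe")

# Characters commonly substituted to build a lookalike name (isass.exe, 1sass.exe, svch0st.exe).
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s", "$": "s"})


def normalize_name(name: str) -> str:
    """Lowercase and fold confusable characters, so isass.exe and lsass.exe collapse together."""
    return name.lower().translate(CONFUSABLES)


# Folded name -> real name, so a folded candidate can be looked up directly.
NORMALIZED_CRITICAL: Dict[str, str] = {normalize_name(n): n for n in CRITICAL}


def parse_running_processes(log: str) -> List[str]:
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths: List[str] = []
    in_section = False
    for line in log.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line:  # the section ends at the first blank line
                break
            paths.append(line)
    return paths


def split_path(path: str) -> Tuple[str, str]:
    """Split 'C:\\dir\\name.exe' into (lowercased directory, file name)."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name


def audit(paths: List[str]) -> List[Tuple[str, str]]:
    """Return (path_or_name, reason) findings for the given process paths."""
    findings: List[Tuple[str, str]] = []
    counts: Dict[str, int] = {}
    for path in paths:
        directory, name = split_path(path)
        lname = name.lower()
        if lname in CRITICAL:
            counts[lname] = counts.get(lname, 0) + 1
            if directory != EXPECTED_DIR:
                findings.append((path, "critical system binary running outside " + EXPECTED_DIR))
        elif normalize_name(name) in NORMALIZED_CRITICAL:
            findings.append((path, "lookalike of " + NORMALIZED_CRITICAL[normalize_name(name)]))
    for name in SINGLE_INSTANCE:
        if counts.get(name, 0) > 1:
            findings.append((name, "expected one instance, found %d" % counts[name]))
    return findings


def scan_log(log: str) -> List[Tuple[str, str]]:
    """Parse a HijackThis log and audit its process list in one call."""
    return audit(parse_running_processes(log))


# Constructed sample in HijackThis format: a clean XP process list plus two planted anomalies.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:45, on 15/01/2011

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\isass.exe
C:\Documents and Settings\Sha\Local Settings\Temp\lsass.exe
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    for where, why in scan_log(SAMPLE_LOG):
        print("%-60s %s" % (where, why))
```

A clean log such as the one in the post produces no findings; the planted isass.exe and the second lsass.exe in a Temp folder each produce one.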

12 replies

verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
15 Jan 2011 at 14:14
Hello,

Start with this:

1/ Download gmer to your desktop ( IMPORTANT )
http://www.gmer.net/#files

Precautions:
- While the tool is running, disable your active protections ( antivirus, firewall ). IMPORTANT.
- Also close all running applications, including your browser.

# Double-click the downloaded executable.
# The scan will start on its own.

If you get a message indicating the presence of rootkits, choose yes to run a full scan of the PC, but do not delete anything.


# At the end of the scan, click save to save the report
# Save it to the desktop ( .log file )

Post this report in your next reply.


2/ Download OTL (by OldTimer) to your Desktop.
http://oldtimer.geekstogo.com/OTL.scr

Take care to close all other Windows windows so as not to interrupt the scan.

* Double-click OTL.scr to launch it.
If on Vista/Seven, right-click the file and choose Run as administrator.
* Select the All users option.
* In the Customization section, copy/paste the following list.

netsvcs
Drivers32
msconfig
activex
/md5start
lsass.exe
winlogon.exe
explorer.exe
wininit.exe
/md5stop
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%appdata%\*.exe /s
%APPDATA%\*.
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
CREATERESTOREPOINT


* Finally, click the Quick Scan button.

* Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTL (so on the Desktop by default).

Use a site such as http://cijoint.fr to upload them.
Then post the two links that were created.

Later
1
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
15 Jan 2011 at 18:13
Re,

Anything new?
There are no infections on the PC.

----------------------------------

1/ Rerun OTL.

* click None
* Then, under Customization, copy the following text:

C:\56d0d72a59bf5ff3af2cd620ab08a1\*.* /s
C:\Documents and Settings\Sha\Application Data\Unity\*.* /s
C:\WINDOWS\System32\URTTEMP\*.* /s


* Then click Scan.

The scan will take only a few seconds.
A report will open.
Post it in your next reply.

2/ Then do this procedure to check the system files.
You may be asked to insert the CD of your version of XP.

Start --> Run --> type sfc /scannow then confirm.
Mind the space between the c and the /.


Later
1
Ah, I forgot some details that might help you. I tried to kill it from the command prompt with no result. And this Sasser pushes my CPU usage to 100% as soon as I launch an application. Windows Update updates don't change anything either...
0
Hello again,

Here is the Gmer result:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-15 14:53:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L120AVV207-0 rev.V24OA66A
Running: zmqimrqm.exe; Driver: C:\DOCUME~1\Sha\LOCALS~1\Temp\kwpcifoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA90A2CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA90A2BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA90A3160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA90A308A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA90A2782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA90A2C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA90A26C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA90A2726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA90A2DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA90A322E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA90A2D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA90A2EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA90AFBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA90AF9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA90AFB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP A90AFB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP A90AF9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP A90AB5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP A90ACFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP A90AFBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB98D0000, 0x1A3F84, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1524] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[696] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[696] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Next, here is the OTL.txt:


OTL logfile created on: 15/01/2011 14:55:17 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sha\Mes documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115,03 Gb Total Space | 98,44 Gb Free Space | 85,58% Space Free | Partition Type: NTFS

Computer Name: SHA-DK4N9SAW0DO | User Name: Sha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 14:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sha\Mes documents\Downloads\OTL.scr
PRC - [2011/01/08 04:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/15 14:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sha\Mes documents\Downloads\OTL.scr
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/08 20:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/08/21 05:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/08/18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2000478354-329068152-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2003/04/24 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-329068152-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/... (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/04 19:30:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()


ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 13:06:02 | 000,000,000 | ---D | C] -- C:\56d0d72a59bf5ff3af2cd620ab08a1
[2011/01/15 13:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/01/15 13:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/15 13:03:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/01/15 12:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Application Data\DriverCure
[2011/01/15 12:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Application Data\ParetoLogic
[2011/01/15 12:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/15 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Application Data\Uniblue
[2011/01/15 12:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Local Settings\Application Data\PackageAware
[2011/01/12 20:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/12 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2011/01/12 20:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/12 20:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Application Data\Sun
[2011/01/08 00:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\gPotato.eu
[2011/01/08 00:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\gPotato.eu
[2011/01/01 23:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Application Data\Unity
[2011/01/01 20:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Local Settings\Application Data\Unity
[2011/01/01 14:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Mes documents\Downloads
[2010/12/26 22:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Application Data\WinRAR
[2010/12/26 22:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sha\Menu Démarrer\Programmes\WinRAR
[2010/12/26 22:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
[2010/12/26 22:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 14:31:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/15 14:31:01 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/01/15 14:12:00 | 000,001,138 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-329068152-682003330-1004UA.job
[2011/01/15 13:06:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/15 13:03:45 | 000,574,346 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/01/15 13:03:45 | 000,500,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/15 13:03:45 | 000,103,830 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/01/15 13:03:45 | 000,086,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 13:00:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/15 12:27:12 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Sha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 21:12:33 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-329068152-682003330-1004Core.job
[2011/01/12 22:42:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 19:13:59 | 000,099,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 13:36:25 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Sha\FxSasser.log
[2011/01/15 13:06:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/15 12:27:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Sha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 17:20:50 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Sha\Application Data\DofusAppId0_3
[2010/11/07 19:46:29 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Sha\Application Data\DofusAppId0_1
[2010/11/07 19:41:22 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Sha\Application Data\D2Info0
[2010/11/07 19:41:22 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Sha\Application Data\DofusAppId0_2
[2010/11/04 23:09:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/11/04 20:02:44 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/11/04 20:02:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/10/28 12:11:41 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/11/04 21:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/07 19:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/01/15 12:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/11/07 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\app
[2010/11/07 22:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus 2
[2010/11/07 19:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/08 17:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/07 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/15 12:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\DriverCure
[2010/11/20 15:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\FOG Downloader
[2011/01/15 12:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\ParetoLogic
[2010/11/07 19:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/15 12:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Uniblue
[2011/01/01 23:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2004/08/20 00:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: LSASS.EXE >
[2004/08/20 00:09:54 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=259AF82A0932EEA4F316F92DB94707B6 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/14 03:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\system32\lsass.exe

< MD5 for: WINLOGON.EXE >
[2004/08/20 00:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/11/24 17:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/04 21:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/04 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/11/22 16:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2011/01/15 12:21:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/11/07 19:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/01/15 12:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/12 20:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/04 20:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/11/10 22:03:41 | 000,337,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA0000000001}\setup.exe
[2010/11/10 06:40:23 | 001,873,288 | ---- | M] (Nexon Corp.) -- C:\Documents and Settings\All Users\Application Data\Nexon\Common\NMService.exe

< %appdata%\*.exe /s >
[2010/11/07 19:07:57 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Sha\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/11/20 16:58:39 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Sha\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

< %APPDATA%\*. >
[2010/11/24 17:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Adobe
[2010/11/07 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\app
[2010/11/04 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\ATI
[2010/11/07 22:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus 2
[2010/11/07 19:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/08 17:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/07 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/15 12:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\DriverCure
[2010/11/20 15:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\FOG Downloader
[2010/11/04 19:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Identities
[2010/11/04 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Macromedia
[2011/01/15 12:22:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sha\Application Data\Microsoft
[2011/01/15 12:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\ParetoLogic
[2010/11/07 19:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/12 20:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Sun
[2011/01/15 12:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Uniblue
[2011/01/01 23:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Unity
[2010/12/26 22:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\WinRAR

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/08/21 03:19:26 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

And finally the Extras.txt:


OTL Extras logfile created on: 15/01/2011 14:55:17 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sha\Mes documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115,03 Gb Total Space | 98,44 Gb Free Space | 85,58% Space Free | Partition Type: NTFS

Computer Name: SHA-DK4N9SAW0DO | User Name: Sha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2000478354-329068152-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Sha\Mes documents\Téléchargements\YuLeech-Runes_of_Magic_3_0_5_2262_slim.exe" = C:\Documents and Settings\Sha\Mes documents\Téléchargements\YuLeech-Runes_of_Magic_3_0_5_2262_slim.exe:*:Enabled:YuLeech-Runes_of_Magic_3_0_5_2262_slim
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Documents and Settings\Sha\Mes documents\Maestia-Downloader.exe" = C:\Documents and Settings\Sha\Mes documents\Maestia-Downloader.exe:*:Enabled:BigPoint Maestia P2P DLM UC
"C:\Program Files\alaplaya\LOCO\System\LOCO.exe" = C:\Program Files\alaplaya\LOCO\System\LOCO.exe:*:Enabled:LOCO


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A7FBF0B-F96C-B34F-7627-0F93C9A8FABD}" = Skins
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{29397E8C-6C98-4C84-83D8-FF987219EC01}_is1" = Rappelz
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{554E0167-0B53-B866-9512-44B766FABAAF}" = ccc-utility
"{55574205-0833-A7A2-FD0D-D1520E5469DD}" = CCC Help English
"{6A4C13C8-39F5-305C-44DE-CD26E1DE0DD6}" = Catalyst Control Center Graphics Full New
"{82E760D8-F344-3DE4-134D-2D782E31AACF}" = Catalyst Control Center Core Implementation
"{91BFB889-7BDE-E3BB-A622-068DB5202B0F}" = Catalyst Control Center Graphics Previews Common
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D622363-9235-E8F0-380C-D9114D77FB52}" = ccc-core-static
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X - Français
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9DD3547-2B8B-B451-F479-30F8B05ED6D6}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E00160-F372-F959-A54C-ABDE5E03B170}" = ccc-core-preinstall
"{E5D3E730-1EF6-7876-358A-41C0E61475F5}" = Catalyst Control Center Graphics Light
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Logiciel d'archivage WinRAR
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-329068152-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/11/2010 16:24:22 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.11.32.0, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 19/11/2010 12:25:09 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application patcher.exe, version 1.1.3.0, faulting module patcher.exe, version 1.1.3.0, fault address 0x0004f446.

Error - 20/11/2010 12:16:41 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application launcher.exe, version 1.0.0.1, faulting module mshtml.dll, version 8.0.6001.18975, fault address 0x001b59fc.

Error - 25/11/2010 13:19:47 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.11.32.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 25/11/2010 13:19:59 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.11.32.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 27/11/2010 07:59:12 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/11/2010 10:25:37 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application locolauncher.exe, version 1.0.0.1, faulting module locolauncher.exe, version 1.0.0.1, fault address 0x00119b0c.

Error - 29/11/2010 10:26:17 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Error | ID = 1000
Description = Faulting application locolauncher.exe, version 1.0.0.1, faulting module locolauncher.exe, version 1.0.0.1, fault address 0x00119b0c.

Error - 02/01/2011 17:24:16 | Computer Name = SHA-DK4N9SAW0DO | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/01/2011 09:30:13 | Computer Name = SHA-DK4N9SAW0DO | Source = Winlogon | ID = 1015
Description = The critical system process C:\WINDOWS\system32\lsass.exe failed with status code 00000000. The machine must now be restarted.

[ System Events ]
Error - 15/01/2011 08:09:39 | Computer Name = SHA-DK4N9SAW0DO | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service, which failed to start because of the following error: %%31

Error - 15/01/2011 08:09:39 | Computer Name = SHA-DK4N9SAW0DO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 15/01/2011 08:10:25 | Computer Name = SHA-DK4N9SAW0DO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/01/2011 08:13:14 | Computer Name = SHA-DK4N9SAW0DO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/01/2011 08:15:25 | Computer Name = SHA-DK4N9SAW0DO | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the following error: %%2

Error - 15/01/2011 09:31:40 | Computer Name = SHA-DK4N9SAW0DO | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the following error: %%2

Error - 15/01/2011 09:32:22 | Computer Name = SHA-DK4N9SAW0DO | Source = atapi | ID = 262153
Description = The device \Device\Ide\IdePort0 did not respond within the timeout period.

Error - 15/01/2011 09:32:27 | Computer Name = SHA-DK4N9SAW0DO | Source = atapi | ID = 262153
Description = The device \Device\Ide\IdePort0 did not respond within the timeout period.

Error - 15/01/2011 09:55:37 | Computer Name = SHA-DK4N9SAW0DO | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 15/01/2011 09:55:37 | Computer Name = SHA-DK4N9SAW0DO | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error: %%2


< End of report >


There you go. Thanks for the quick reply.
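The OTL and Extras logs above carry the two things a reviewer checks first on an lsass.exe complaint: the "< MD5 for: >" sections (is the copy that runs the same file as the ServicePackFiles reference copy, and does it carry Microsoft's company name) and the Security Center, firewall and System Restore registry values. The Python below is an added example written for this page; it is not OTL's code and not a tool anyone in the thread ran. It parses lines in the format OTL prints, using sample lines copied from the logs above, and the BASELINE table of expected XP SP3 defaults is this example's own assumption. A "no-reference" verdict only means the log offers no ServicePackFiles copy to compare against, which is the situation for lsass.exe above: its only other copy is the pre-service-pack backup under $NtServicePackUninstall$, whose hash is expected to differ from the SP3 file.

```python
"""Added example for this page (not OTL's code, not a tool the thread used): cross-check
OTL's "< MD5 for: NAME >" sections and audit the Extras.txt registry dump for weakened
protections. Sample lines are copied from the logs above; BASELINE is assumed XP SP3 defaults."""
import re
from collections import defaultdict

SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: LSASS.EXE >
[2004/08/20 00:09:54 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=259AF82A0932EEA4F316F92DB94707B6 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/14 03:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\system32\lsass.exe
"""

SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"""

HEADER_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# (registry key suffix, value name) -> (assumed XP SP3 default, meaning of a deviation)
BASELINE = {
    (r"\security center", "antivirusoverride"): ("0", "Security Center told to ignore antivirus state"),
    (r"\services\sr", "start"): ("0", "System Restore filter driver sr not boot-started"),
    (r"\firewallpolicy\standardprofile", "enablefirewall"): ("1", "Windows Firewall off for the standard profile"),
}

def parse_md5_sections(text):
    """name -> [(company, md5, path), ...] for every '< MD5 for: NAME >' block."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER_RE.match(line)):
            current = m.group(1).upper()
        elif current and (m := ENTRY_RE.search(line)):
            sections[current].append((m.group("company"), m.group("md5").upper(), m.group("path")))
    return sections

def classify_path(path):
    """ServicePackFiles = SP reference copy, $NtServicePackUninstall$ = pre-SP backup, else live copy."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "reference"
    return "backup" if "$ntservicepackuninstall$" in p else "live"

def verdict_for(entries):
    """Compare the live copy with the reference copy; the pre-SP backup is expected to differ."""
    kinds = defaultdict(set)
    for company, md5, path in entries:
        kinds[classify_path(path)].add((company, md5))
    live, ref = kinds["live"], kinds["reference"]
    if not live:
        return "missing-live-copy"
    if any(company != "Microsoft Corporation" for company, _ in live):
        return "unexpected-company"
    if not ref:
        return "no-reference"  # nothing on disk to compare with: verify against a known-good copy
    ref_hashes = {md5 for _, md5 in ref}
    return "matches-reference" if all(md5 in ref_hashes for _, md5 in live) else "hash-mismatch"

def check_md5_sections(text):
    return {name: verdict_for(entries) for name, entries in parse_md5_sections(text).items()}

def audit_extras(text):
    """Values that deviate from BASELINE, plus firewall exceptions open to any remote address."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key").lower()
            continue
        if not key or not (m := VALUE_RE.match(line)):
            continue
        name, value = m.group("name"), m.group("value").strip()
        for (suffix, vname), (expected, meaning) in BASELINE.items():
            if key.endswith(suffix) and name.lower() == vname and value != expected:
                findings.append(f"{meaning} ({name}={value})")
        if key.endswith(r"\globallyopenports\list"):
            parts = value.split(":")  # port:proto:scope:state:description
            if len(parts) >= 4 and parts[2] == "*" and parts[3].lower() == "enabled":
                findings.append(f"port {parts[0]}/{parts[1]} open to any address ({':'.join(parts[4:])})")
    return findings

if __name__ == "__main__":
    print(check_md5_sections(SAMPLE_OTL))
    print(*audit_extras(SAMPLE_EXTRAS), sep="\n")
```

Run as-is it prints the verdicts and findings for the sample lines; point it at a full OTL.txt and Extras.txt by reading the files into the two functions. Two caveats a practitioner should keep in mind. MD5 is collision-prone, so "matches-reference" only says the live file is the one the service pack installed, not that it is trustworthy in a strong sense; on a live XP machine the better check is the Authenticode signature (for instance with Sysinternals sigcheck) plus confirming that exactly one lsass.exe is running, from %SystemRoot%\system32, with winlogon.exe as its parent. The findings reproduce what the Extras log shows: AntiVirusOverride=1, the Sr driver at Start=4 (disabled, which fits the SRService initialization error in the event log), the Windows Firewall turned off, and a firewall exception open to any address rather than the local subnet.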

verni29 | Posts: 6699 | Registered: Sunday 6 July 2008 | Status: Security contributor | Last post: 26 December 2016 | 180
15 Jan. 2011 at 16:26
Re,

Download MalwareBytes.

Install it. Choose the default options.
# At the end of the installation, you will be asked to update MalwareBytes and to run it.
# Accept. After the update, the program will open.

# In the Scanner tab, select Perform full scan.
# Click Scan. Select only the computer's hard drives.
# Click Start scan.

# At the end of the scan, as prompted, click Show results.
# If infections are found, click Remove selected.
Post the report in your next message.

If you cannot find the report, open MalwareBytes and look in the Logs tab. It is there. Click on it and choose Open.

The scan takes around 50 minutes.

See you later
Here is the scan result.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5524

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/01/2011 17:07:15
mbam-log-2011-01-15 (17-07-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 165657
Time elapsed: 29 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again for the help.
verni29 | Posts: 6699 | Registered: Sunday 6 July 2008 | Status: Security contributor | Last post: 26 December 2016 | 180
15 Jan. 2011 at 17:27
shalice,

There have indeed been malfunctions on the PC, as the event log report shows:
various crashes with lsass.exe, iexplore.exe, ...
Some protocols such as IPSec failing to start. System Restore disabled.

And today you used a cleaning pack with DriverCure.
That needs cleaning out in any case.

I don't think this is an infection.

-----------------------------------------

We will check it all the same.

Download ComboFix and save it to your desktop (IMPORTANT)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

# Disable your computer's resident protections (antivirus, antispyware and firewall)
# Plug in your removable media (USB sticks, external hard drive) without opening them.

# Run Combofix.exe and follow the prompts.
# You will be asked to install the Recovery Console.
Important. Make sure you do it.

ComboFix may restart the computer to delete certain files.

# Once the scan is finished, a report will appear.

Copy/paste this report in your next reply.

Note: if you cannot find it, it is at C:\ComboFix.txt.

See you later

Here is the ComboFix scan result:

ComboFix 11-01-14.01 - Sha 15/01/2011 17:35:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.2559.2169 [GMT 1:00]
Running from: c:\documents and settings\Sha\Mes documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
((((((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 ))))))))))))))))))))))))))))))))))))
.

2011-01-15 15:33 . 2011-01-15 15:33 -------- d-----w- c:\documents and settings\Sha\Application Data\Malwarebytes
2011-01-15 15:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-15 15:33 . 2011-01-15 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-15 15:33 . 2011-01-15 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-15 15:33 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 12:08 . 2011-01-15 12:08 -------- d-----w- c:\documents and settings\Administrateur
2011-01-15 12:06 . 2011-01-15 12:06 -------- d-----w- C:\56d0d72a59bf5ff3af2cd620ab08a1
2011-01-15 12:05 . 2011-01-15 12:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-01-15 12:05 . 2011-01-15 12:05 -------- d-----w- c:\windows\system32\LogFiles
2011-01-15 12:03 . 2011-01-15 12:03 -------- d-----w- c:\windows\system32\URTTEMP
2011-01-15 11:52 . 2011-01-15 11:52 -------- d-----w- c:\documents and settings\Sha\Application Data\DriverCure
2011-01-15 11:52 . 2011-01-15 11:52 -------- d-----w- c:\documents and settings\Sha\Application Data\ParetoLogic
2011-01-15 11:49 . 2011-01-15 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-01-15 11:10 . 2011-01-15 11:10 -------- d-----w- c:\documents and settings\Sha\Application Data\Uniblue
2011-01-15 11:09 . 2011-01-15 11:09 -------- d-----w- c:\documents and settings\Sha\Local Settings\Application Data\PackageAware
2011-01-12 19:01 . 2011-01-12 19:01 -------- d-----w- c:\program files\Fichiers communs\Java
2011-01-12 19:01 . 2011-01-12 19:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-12 19:01 . 2011-01-12 19:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-12 19:00 . 2011-01-12 19:00 -------- d-----w- c:\program files\Java
2011-01-07 23:14 . 2011-01-07 23:14 -------- d-----w- c:\program files\gPotato.eu
2011-01-01 22:19 . 2011-01-01 22:19 -------- d-----w- c:\documents and settings\Sha\Application Data\Unity
2011-01-01 19:09 . 2011-01-15 11:25 -------- d-----w- c:\documents and settings\Sha\Local Settings\Application Data\Unity
2010-12-28 18:12 . 2008-04-14 02:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-28 18:12 . 2008-04-14 02:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-24 20:51 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-24 20:51 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-11-04 18:28 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-04-24 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2003-04-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2003-04-24 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2003-04-24 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2004-08-19 22:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-04-24 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2003-04-24 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:07 . 2003-04-24 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-04 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/11/2010 21:16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/11/2010 21:16 17744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-329068152-682003330-1004Core.job
- c:\documents and settings\Sha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 20:07]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-329068152-682003330-1004UA.job
- c:\documents and settings\Sha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 20:07]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-15 17:38
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-15 17:40:44
ComboFix-quarantined-files.txt 2011-01-15 16:40

Pre-Run: 105,520,918,528 bytes free
Post-Run: 105,648,361,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

- - End Of File - - D5BA5C7E0E1E1139CB8F7A48A9097D7A

There you go. Anything new, then?
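As an added example (not part of this thread, and not a feature of ComboFix or OTL): a small Python script that parses the "Reg loading points" registry dump and the R*/S* service lines of a ComboFix report like the one above and flags what a security reviewer would look at first: `AntiVirusOverride=1` (Security Center told to stop monitoring the antivirus), `EnableFirewall=0` (Windows Firewall off for the standard profile), globally opened ports, services whose binary ComboFix tagged `[?]` (it could not locate or verify the file), and service binaries with an extension other than .exe/.sys. The sample input is copied from the log above; the severity labels and the rules themselves are my own assumptions, not ComboFix semantics.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the "Reg loading points" and service
# sections of the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/11/2010 21:16 165584]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "name"=value
DWORD_RE = re.compile(r'dword:([0-9a-fA-F]{8})')         # dword:00000001
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')  # R1 name;display;image

Finding = Tuple[str, str]  # (severity, message); severities are my own labels


def parse_reg_section(text: str) -> Dict[str, Dict[str, str]]:
    """Group "name"=value lines under the [key] line that precedes them (keys lowercased)."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def reg_int(value: str) -> Optional[int]:
    """Decode the two integer renderings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    m = DWORD_RE.search(value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(-?\d+)', value)
    return int(m.group(1)) if m else None


def parse_services(text: str) -> List[dict]:
    """Parse R*/S* service lines; a trailing '[?]' means ComboFix could not verify the binary."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        unverified = rest.endswith('[?]')
        image = rest.split(' --> ')[0]                 # drop the "--> resolved path" echo
        image = re.sub(r'\s*\[.*\]$', '', image).strip()  # drop "[date size]" suffix
        services.append({'start': start, 'name': name, 'display': display,
                         'image': image, 'unverified': unverified})
    return services


def assess(text: str) -> List[Finding]:
    """Return triage findings for a ComboFix registry/service dump (rules are assumptions)."""
    findings: List[Finding] = []
    for key, values in parse_reg_section(text).items():
        if key.endswith('security center'):
            av = reg_int(values.get('AntiVirusOverride', '0'))
            if av:
                findings.append(('HIGH', 'Security Center antivirus monitoring is overridden (AntiVirusOverride=%d)' % av))
        if key.endswith('firewallpolicy\\standardprofile'):
            if reg_int(values.get('EnableFirewall', '1')) == 0:
                findings.append(('HIGH', 'Windows Firewall is disabled for the standard profile (EnableFirewall=0)'))
        if key.endswith('globallyopenports\\list'):
            for name, desc in values.items():
                findings.append(('INFO', 'Firewall exception opens %s (%s)' % (name, desc.split(':')[-1])))
    for svc in parse_services(text):
        if svc['unverified']:
            findings.append(('MEDIUM', 'Service %s: ComboFix could not verify its binary %s' % (svc['name'], svc['image'])))
        binary = svc['image'].split(' -')[0].strip()     # strip "-service"-style arguments
        ext = binary.rsplit('.', 1)[-1].lower() if '.' in binary else ''
        if ext not in ('exe', 'sys'):
            findings.append(('MEDIUM', 'Service %s runs an unusual binary type: %s' % (svc['name'], binary)))
    return findings


if __name__ == '__main__':
    for severity, message in assess(SAMPLE_LOG):
        print('%-6s %s' % (severity, message))
```

These are triage hints, not proof of infection: the disabled firewall and the two services ComboFix could not verify deserve a look, but correlate them with the installed software first. GameMon.des belongs to nProtect GameGuard, the anti-cheat component that ships with gPotato games, and `C:\Program Files\gPotato.eu` appears in this same log.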
Here is the OTL report:

OTL logfile created on: 15/01/2011 18:19:56 - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sha\Mes documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115,03 Gb Total Space | 98,42 Gb Free Space | 85,56% Space Free | Partition Type: NTFS

Computer Name: SHA-DK4N9SAW0DO | User Name: Sha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\56d0d72a59bf5ff3af2cd620ab08a1\*.* /s >
[2011/01/15 13:06:10 | 000,000,788 | -H-- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\$shtdwn$.req
[2006/10/18 21:47:08 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\audiodev.dll
[2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\blackbox.dll
[2006/10/18 21:47:10 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\cewmdm.dll
[2006/10/18 20:00:46 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\drmupgds.exe
[2006/10/18 21:47:10 | 000,991,744 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\drmv2clt.dll
[2006/10/18 21:47:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\laprxy.dll
[2006/10/18 20:03:58 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\logagent.exe
[2006/10/18 21:47:14 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mfplat.dll
[2006/10/18 21:47:14 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mp43decd.dll
[2006/10/18 21:47:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mp43dmod.dll
[2006/10/18 21:47:14 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mp4sdecd.dll
[2006/10/18 21:47:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mp4sdmod.dll
[2006/10/18 21:47:14 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mpg4decd.dll
[2006/10/18 21:47:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mpg4dmod.dll
[2006/10/18 21:47:16 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\msnetobj.dll
[2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mspmsnsv.dll
[2006/10/18 21:47:16 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mspmsp.dll
[2006/10/18 21:47:16 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\msscp.dll
[2006/10/18 21:47:16 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\mswmdm.dll
[2006/10/18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\portabledeviceapi.dll
[2006/10/18 21:47:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\portabledeviceclassextension.dll
[2006/10/18 21:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\portabledevicetypes.dll
[2006/10/18 21:47:18 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\portabledevicewiacompat.dll
[2006/10/18 21:47:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\portabledevicewmdrm.dll
[2006/10/18 21:47:18 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\qasf.dll
[2006/05/16 18:11:54 | 000,213,216 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\spuninst.exe
[2006/05/16 18:11:54 | 000,022,752 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\spupdsvc.exe
[2006/10/18 21:58:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\uwdf.exe
[2006/10/18 21:47:18 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wdfapi.dll
[2006/10/18 21:58:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wdfmgr.exe
[2006/10/18 21:47:18 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmadmod.dll
[2006/10/18 21:47:18 | 001,117,696 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmadmoe.dll
[2006/10/18 21:47:18 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmasf.dll
[2006/10/18 21:47:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmdmlog.dll
[2006/10/18 21:47:18 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmdmps.dll
[2006/10/18 21:47:18 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmdrmdev.dll
[2006/10/18 21:47:20 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmdrmnet.dll
[2006/10/18 21:47:20 | 000,535,040 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmdrmsdk.dll
[2006/10/18 21:47:20 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmidx.dll
[2006/10/18 21:47:20 | 000,937,984 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmnetmgr.dll
[2006/10/18 21:47:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmsdmod.dll
[2006/10/18 21:47:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmsdmoe2.dll
[2006/11/01 18:31:38 | 001,669,120 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmsetsdk.exe
[2006/10/18 21:47:22 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmspdmod.dll
[2006/10/18 21:47:22 | 001,329,152 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmspdmoe.dll
[2006/10/18 21:47:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvadvd.dll
[2006/10/18 21:47:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvadve.dll
[2006/10/18 21:47:22 | 002,450,944 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvcore.dll
[2006/10/18 21:47:22 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvdecod.dll
[2006/10/18 21:47:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvdmod.dll
[2006/10/18 21:47:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvdmoe2.dll
[2006/10/18 21:47:22 | 001,574,912 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvencod.dll
[2006/10/18 21:47:22 | 001,382,912 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvsdecd.dll
[2006/10/18 21:47:22 | 000,767,488 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvsencd.dll
[2006/10/18 21:47:22 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wmvxencd.dll
[2006/10/18 21:47:22 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdconns.dll
[2006/11/02 11:46:52 | 000,013,312 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdinstallutil.dll
[2006/10/18 21:47:22 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdmtp.dll
[2006/09/11 17:00:24 | 000,008,019 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdmtp.inf
[2006/10/18 21:47:22 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdmtpdr.dll
[2006/04/25 10:09:36 | 000,001,816 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdmtphw.inf
[2006/10/18 21:47:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdmtpus.dll
[2006/10/18 21:47:22 | 002,603,008 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdshext.dll
[2006/10/18 20:00:14 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdshextautoplay.exe
[2006/10/18 21:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdshserviceobj.dll
[2006/10/18 21:47:22 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdsp.dll
[2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpdusb.sys
[2006/10/18 21:47:22 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\wpd_ci.dll
[2006/11/02 11:51:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.401
[2006/11/02 11:53:38 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.404
[2006/11/02 11:51:40 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.405
[2006/11/02 11:51:46 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.406
[2006/11/02 11:51:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.407
[2006/11/02 11:51:56 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.408
[2006/10/18 21:47:22 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.409
[2006/11/02 11:52:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.40b
[2006/11/02 11:52:12 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.40c
[2006/11/02 11:52:16 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.40d
[2006/11/02 11:52:22 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.40e
[2006/11/02 11:52:26 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.410
[2006/11/02 11:52:32 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.411
[2006/11/02 11:52:36 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.412
[2006/11/02 11:52:46 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.413
[2006/11/02 11:52:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.414
[2006/11/02 11:52:52 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.415
[2006/11/02 11:52:56 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.416
[2006/11/02 11:53:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.419
[2006/11/02 11:53:12 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.41b
[2006/11/02 11:53:22 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.41d
[2006/11/02 11:53:28 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.41f
[2006/11/02 11:53:18 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.424
[2006/11/02 11:53:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.804
[2006/11/02 11:53:02 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.816
[2006/11/02 11:52:02 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\locbin\wpdshextres.dll.c0a
[2006/05/16 18:11:54 | 000,716,000 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\update.exe
[2006/11/02 11:53:38 | 000,067,002 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\update.inf
[2006/11/02 11:57:34 | 000,005,284 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\update.ver
[2006/05/16 18:11:54 | 000,371,424 | ---- | M] (Microsoft Corporation) -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\updspapi.dll
[2006/11/02 11:54:58 | 000,034,696 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\wmfdist11.cat
[2006/11/02 11:53:44 | 000,016,559 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\wmfdist11.cdf
[2006/11/02 11:46:52 | 000,013,312 | ---- | M] () -- C:\56d0d72a59bf5ff3af2cd620ab08a1\update\wpdinstallutil.dll

< C:\Documents and Settings\Sha\Application Data\Unity\*.* /s >
[2011/01/01 23:19:30 | 000,001,181 | ---- | M] () -- C:\Documents and Settings\Sha\Application Data\Unity\WebPlayerPrefs\chat_2ekongregate_2ecom\prefgamez-0010-0336-live-web_2eunity3d.upp

< C:\WINDOWS\System32\URTTEMP\*.* /s >
[2003/02/21 05:16:08 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\URTTEMP\regtlib.exe

< End of report >

It turns out my drive no longer works, and I don't have the Windows CD with me at the moment. Yet it is definitely asking for it. What should I do?

It asked me for it about twenty times in total... Which seems like rather a lot... Is there another solution besides formatting the PC? Or rather, a solution that lets me get by without using the Windows CD? Because I won't have it for several days =X
verni29 (security contributor; 6699 posts; registered Sunday 6 July 2008; last active 26 December 2016)
15 Jan 2011 at 18:50
Shalice,

Well.
To check those system files or perform an XP repair, you will need that CD.
Wait until you have it before redoing that step.

--------------------------------------------

A bit of cleanup.

Run OTL again.

* In the Personnalisation (Custom Scans/Fixes) box at the bottom of the window, copy and paste the following text:

:OTL
[2011/01/15 12:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\ParetoLogic 
[2011/01/15 12:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\Uniblue 
[2011/01/15 12:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sha\Application Data\DriverCure 
[2011/01/15 12:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic 

:commands
[EMPTYTEMP]
[EMPTYFLASH]


* Then click the Correction (Run Fix) button at the top of the window.
* Let the program work; the PC will reboot.

You will see a log open after the fix (this is the log that shows whether the removal succeeded).
Save it to your Desktop and post it after the reboot.

Note: if you can't find it, it's a log file in C:\_OTL\MovedFiles
Look for it by date: mmddyyyy_xxxxxxxx.log


A+ (see you)

Okay, I'll try to do that on Monday, if I manage to get hold of the CD. Thanks for your help, and see you Monday. =)