
Rootkit

appel masqué - Last reply on 4 June 2009 at 08:40
Hello, I have a rootkit and I can't remove it. Avast warns me at every startup that there is a rootkit. What should I do?
And also give me an Antivir report, please.
OTViewIt logfile created on: 30/03/2009 19:36:13 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\user\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

478,48 Mb Total Physical Memory | 208,94 Mb Available Physical Memory | 43,67% Memory free
1,10 Gb Paging File | 0,74 Gb Available in Paging File | 67,34% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 12,26 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 45,23 Gb Total Space | 32,18 Gb Free Space | 71,16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-3393F246B5
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2006/01/24 21:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/12/06 10:24:13 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/03/02 23:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/05/20 12:11:06 | 00,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/07/21 08:32:58 | 00,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
[2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2005/09/08 00:35:36 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2005/03/14 10:37:48 | 01,057,280 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
[2007/01/19 21:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2007/01/19 21:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2006/05/27 04:26:14 | 00,268,800 | ---- | M] (Fengtao Software Inc.) -- C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe
[2009/03/30 19:28:31 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTViewIt.exe
[2006/09/01 05:33:02 | 00,115,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

========== (O23) Win32 Services ==========

[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DllSrv Service Controler [Auto | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2006/01/24 21:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/12/06 10:24:13 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/01/19 21:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/10/24 20:14:56 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/10/05 20:21:10 | 00,141,312 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2005/03/04 23:53:00 | 00,127,872 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService [On_Demand | Running])
[2005/03/10 00:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2007/02/01 00:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit [Boot | Running])
[2007/01/18 23:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln [System | Running])
[2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2004/10/28 00:21:30 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2004/10/28 00:21:36 | 00,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/08/13 13:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006/01/24 21:15:00 | 03,535,520 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/01/27 17:04:16 | 00,099,584 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/02/17 13:28:30 | 00,034,176 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/02/17 13:28:32 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/03/02 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2009/03/29 08:32:14 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2009/02/17 11:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/02/17 11:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/27 14:56:28 | 00,055,168 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh [System | Running])
[2006/03/02 23:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/11 16:49:28 | 00,393,088 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2006/03/02 23:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/20 01:22:10 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/20 01:22:10 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/20 01:22:10 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
119 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://webscanner.kaspersky.fr/kavwebscan_unicode.cab -- CKAVWebScan Object
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{22240D4A-9243-4831-9D7A-11818F52135F} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
"{93994DE8-8239-4655-B1D1-5F4E91300429}" (HKLM) -- C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/06/16 15:02:34 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/30 19:28:31 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTViewIt.exe
[2009/03/30 15:49:35 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/29 19:45:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Kaspersky Lab
[2009/03/25 07:32:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/25 07:07:51 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/25 07:07:51 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/03/25 07:07:50 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/03/25 07:07:50 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/03/25 07:07:49 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/03/25 07:07:49 | 01,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/25 07:07:48 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/03/25 07:07:47 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/03/25 07:07:46 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/03/25 06:35:58 | 02,182,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/03/25 06:35:58 | 02,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/03/25 06:35:57 | 02,059,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/03/25 06:35:56 | 02,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/03/24 20:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/03/24 16:50:40 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/03/24 13:38:19 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/03/24 13:38:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/03/24 10:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
[2009/03/24 09:33:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/24 07:51:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/03/23 13:00:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/23 12:16:03 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/03/23 12:16:00 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/03/23 12:15:59 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/23 12:11:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/23 12:11:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/23 12:11:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/23 12:11:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/23 12:11:41 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/23 12:11:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/23 12:11:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/23 12:11:41 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/23 12:11:41 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/23 12:09:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/23 12:09:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/22 10:38:37 | 00,000,123 | ---- | C] () -- C:\WINDOWS\tmpcpyis.bat
[2009/03/22 10:38:37 | 00,000,122 | ---- | C] () -- C:\WINDOWS\tmpdelis.bat
[2009/03/22 10:38:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\winstart.bat
[2009/03/22 10:37:45 | 01,053,184 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SierraNW.dll
[2009/03/22 10:37:45 | 00,490,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Oleaut32.1
[2009/03/22 10:37:44 | 00,231,936 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SNWValid.dll
[2009/03/22 10:37:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\solcache
[2009/03/22 10:36:04 | 00,000,326 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/03/22 10:35:17 | 00,001,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/21 14:41:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/03/21 08:39:36 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/03/20 18:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/20 18:51:33 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/20 18:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2009/03/18 18:27:14 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/03/18 18:27:14 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/03/18 18:27:14 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/03/18 18:27:13 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/03/18 18:27:12 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/03/18 18:27:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/03/18 17:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Mes documents\ccleaner
[2009/03/18 17:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/03/17 13:10:11 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/03/13 18:49:42 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\user\Mes documents\Mes dossiers de partage.lnk
[2009/03/13 17:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Cool Record Edit Pro
[2009/03/13 17:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Free Sound Recorder
[2009/03/13 17:15:15 | 00,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/03/13 17:15:15 | 00,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/03/13 17:15:15 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2009/03/13 17:15:15 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/03/13 17:15:15 | 00,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/03/13 17:15:14 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/03/13 17:15:14 | 01,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/03/13 17:15:14 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/03/13 17:15:14 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/03/13 17:15:14 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/03/13 17:15:13 | 00,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/03/13 17:15:12 | 00,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2009/03/11 18:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2009/03/11 17:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/03/10 21:31:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Mes documents\Mes fichiers reçus
[2009/03/10 11:11:22 | 00,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2009/03/09 18:41:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2009/03/09 18:41:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/09 18:41:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/09 18:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/09 18:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/09 08:39:05 | 00,000,000 | RHSD | C] -- C:\RESTORE
[2009/03/07 23:40:20 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/03/07 23:40:20 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/03/06 18:20:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\user\Mes documents\Mes images
[2009/03/05 21:05:41 | 00,000,010 | R--- | C] () -- C:\WINDOWS\PhotoprnLE.SN
[2009/03/01 19:12:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Mes documents\image

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/30 19:33:35 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\user\Mes documents\Mes dossiers de partage.lnk
[2009/03/30 19:28:31 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTViewIt.exe
[2009/03/30 15:49:57 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2009/03/30 15:48:18 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/30 15:47:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 15:47:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/30 12:46:19 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/30 09:22:31 | 05,334,548 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/03/26 18:08:16 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/26 18:08:00 | 00,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/25 20:29:04 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/24 10:11:19 | 00,156,672 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 12:58:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/23 12:16:03 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/03/23 10:40:12 | 00,068,856 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/22 10:38:37 | 00,001,202 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/22 10:38:37 | 00,000,123 | ---- | M] () -- C:\WINDOWS\tmpcpyis.bat
[2009/03/22 10:38:37 | 00,000,122 | ---- | M] () -- C:\WINDOWS\tmpdelis.bat
[2009/03/22 10:38:37 | 00,000,026 | ---- | M] () -- C:\WINDOWS\winstart.bat
[2009/03/22 10:37:58 | 00,000,326 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2009/03/21 14:43:06 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/17 20:12:31 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/17 19:48:47 | 00,999,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/17 19:48:47 | 00,460,986 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/03/17 19:48:47 | 00,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/17 19:48:47 | 00,072,126 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/03/17 19:48:47 | 00,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/07 23:40:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/07 23:40:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/05 21:05:41 | 00,000,010 | R--- | M] () -- C:\WINDOWS\PhotoprnLE.SN
[2009/03/05 21:05:33 | 00,000,183 | ---- | M] () -- C:\WINDOWS\photoprn.ini
[2009/03/01 00:20:00 | 00,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/01 00:19:53 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
< End of report >
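Added example (not part of the thread and not an OldTimer tool): a small Python triage script for an OTViewIt log like the one pasted above. It parses the entry format the log uses, `[timestamp | size | attrs | C-or-M] (publisher) -- path [-- (service [start | state])]`, plus the `File not found -- -- (service [...])` form, and sorts entries into four review buckets: services whose registered binary is missing, executables and drivers with no publisher string, non-Microsoft drivers that start at Boot or System time, and files created under C:\WINDOWS within a chosen window before the scan. The sample input is a constructed subset of lines copied from the log above, the scan time is taken from the log header, and the ten-day window is an arbitrary assumption. The buckets are things a log reader checks by hand, not verdicts about this machine.

```python
"""Triage helpers for an OTViewIt (OldTimer) log such as the one pasted above."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed input: lines copied verbatim from the log above, plus one summary
# line ("[1 C:\WINDOWS\System32\*.tmp files]") that the parser must skip.
SAMPLE = r"""
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
File not found -- -- (DllSrv Service Controler [Auto | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2008/12/06 10:24:13 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/02/01 00:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit [Boot | Running])
[2004/10/28 00:21:30 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2004/08/13 13:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006/03/02 23:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/30 19:28:31 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTViewIt.exe
[2009/03/25 07:07:51 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/23 12:11:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/23 12:11:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/23 12:09:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/22 10:38:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\winstart.bat
[2009/03/18 18:27:14 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
"""

# From the log header: "OTViewIt logfile created on: 30/03/2009 19:36:13".
SCAN_TIME = datetime(2009, 3, 30, 19, 36, 13)

# [timestamp | size | attrs | C/M] (publisher) -- path [-- (service [start | state])]
# The publisher group is optional (directory lines have none) and non-greedy so a
# publisher such as "Windows (R) Server 2003 DDK provider" parses correctly.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)"
    r"(?: -- \((?P<service>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)
# A registered service whose binary no longer exists on disk.
ORPHAN_RE = re.compile(r"^File not found -- -- \((?P<service>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\)$")

EXEC_EXT = (".exe", ".sys", ".dll", ".bat", ".cmd", ".com", ".scr")


@dataclass
class Entry:
    kind: str                      # "C" created, "M" modified, "X" registered but file missing
    path: Optional[str]
    company: str                   # publisher string as printed by OTViewIt; "" when absent
    attrs: str                     # R/H/S/D flags, e.g. "---D" for a directory
    timestamp: Optional[datetime]  # creation or modification time, per kind
    service: Optional[str]
    start: Optional[str]           # Boot / System / Auto / On_Demand / Disabled


def parse_entries(text: str) -> List[Entry]:
    """Parse entry lines; headers, blanks and "[N ... files]" summaries are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry("X", None, "", "", None, m["service"], m["start"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["path"], (m["company"] or "").strip(), m["attrs"],
                                 datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                                 m["service"], m["start"]))
    return entries


def _add(bucket: List[str], item: str) -> None:
    if item not in bucket:  # the same binary is listed under both Processes and Services
        bucket.append(item)


def triage(entries: List[Entry], scan_time: datetime, window_days: int = 10) -> Dict[str, List[str]]:
    """Sort entries into review buckets. These are heuristics for a human reader, not verdicts."""
    findings: Dict[str, List[str]] = {"orphaned_service": [], "no_publisher": [],
                                      "early_start_driver": [], "recent_system_file": []}
    cutoff = scan_time - timedelta(days=window_days)  # window length is an assumption
    for e in entries:
        if e.kind == "X":
            _add(findings["orphaned_service"], e.service)
            continue
        lower = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        if lower.endswith(EXEC_EXT) and not e.company:
            _add(findings["no_publisher"], name)
        # Rootkits favour early-start kernel drivers; list non-Microsoft ones for a look.
        if lower.endswith(".sys") and e.start in ("Boot", "System") and "microsoft" not in e.company.lower():
            _add(findings["early_start_driver"], name)
        # New files under the system root, skipping directories and Windows Update's dllcache staging.
        if (e.kind == "C" and "D" not in e.attrs and lower.startswith("c:\\windows\\")
                and "\\dllcache\\" not in lower and e.timestamp >= cutoff):
            _add(findings["recent_system_file"], e.path)
    return findings


def run_triage() -> Dict[str, List[str]]:
    return triage(parse_entries(SAMPLE), SCAN_TIME)


if __name__ == "__main__":
    for rule, items in run_triage().items():
        print(rule + ":")
        for item in items:
            print("    " + item)
```

On the sample, the script lists the two "File not found" services, the five binaries that carry no publisher string, the one Boot-start non-Microsoft driver, and the three files created under C:\WINDOWS inside the window; each of those is a candidate for looking up the file or service by hand, which is how a helper reading such a log separates game installers and cleanup-tool leftovers from anything worth removing.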
OTViewIt Extras logfile created on: 30/03/2009 19:36:13 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\user\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

478,48 Mb Total Physical Memory | 208,94 Mb Available Physical Memory | 43,67% Memory free
1,10 Gb Paging File | 0,74 Gb Available in Paging File | 67,34% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 12,26 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 45,23 Gb Total Space | 32,18 Gb Free Space | 71,16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-3393F246B5
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/03/02 23:00:00 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 21:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/05 01:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/03/02 23:00:00 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 21:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/05 01:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/04/11 09:03:44 | 00,163,840 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2008/12/19 16:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 21:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/01/19 21:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{5E863175-E85D-44A6-8968-82507D34AE7F}"=QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{89661B04-C646-4412-B6D3-5E19F02F1F37}"=EAX4 Unified Redist
"{90120000-0010-040C-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
"{AC76BA86-7AD7-1036-7B44-A70800000002}"=Adobe Reader 7.0.8 - Français
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=Samsung Media Studio
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Professional
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}"=Windows Live Messenger
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Caesar 3"=Caesar 3
"CCleaner"=CCleaner (remove only)
"DVD Region+CSS Free_is1"=DVD Region+CSS Free 5.9.7.9
"Free Sound Recorder"=Free Sound Recorder
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"Lame MP3 Codec (for the ACM)"=Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Nero 6 Demo
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PhotoFiltre"=PhotoFiltre
"PhotoPrinter 2.0 LE"=PhotoPrinter 2.0 LE
"PROPLUS"=Microsoft Office Professional Plus 2007
"SuperCopier2"=SuperCopier2
"Utilitaires Sierra"=Utilitaires Sierra
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1"=XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/03/2009 20:57:50 | Computer Name = USER-3393F246B5 | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.2180, module
défaillant quicktime.qts, version 7.1.5.120, adresse de défaillance 0x00069bc7.

Error - 30/03/2009 03:40:14 | Computer Name = USER-3393F246B5 | Source = Application Error | ID = 1000
Description = Application défaillante nerostartsmart.exe, version 2.0.0.25, module
défaillant nerostartsmart.exe, version 2.0.0.25, adresse de défaillance 0x00104b2b.

[ System Events ]
Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:56 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 30/03/2009 01:53:57 | Computer Name = USER-3393F246B5 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126


< End of report >
Reply
One question:

Do you have the CD to repair Windows?

Run another scan with Dr Web with all your peripherals plugged in (MP3 player, MP4 player, USB key, external disk, camera, anything that can come into contact with your USB ports), a full scan please.
Reply
Avira AntiVir Personal
Date de création du fichier de rapport : lundi 30 mars 2009 20:23

La recherche porte sur 1330971 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : user
Nom de l'ordinateur :USER-3393F246B5

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 17/11/2008 22:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 03:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 02:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 03/07/2008 21:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 01:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 07:29:33
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 19:31:17
ANTIVIR3.VDF : 7.1.2.231 284672 Bytes 30/03/2009 08:06:03
Version du moteur: 8.2.0.129
AEVDF.DLL : 8.1.1.0 106868 Bytes 18/03/2009 07:32:17
AESCRIPT.DLL : 8.1.1.70 369019 Bytes 27/03/2009 07:12:53
AESCN.DLL : 8.1.1.8 127346 Bytes 18/03/2009 07:31:42
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 03:58:38
AEPACK.DLL : 8.1.3.11 397687 Bytes 26/03/2009 07:12:01
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 18/03/2009 07:31:13
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 26/03/2009 07:11:32
AEHELP.DLL : 8.1.2.2 119158 Bytes 18/03/2009 07:30:48
AEGEN.DLL : 8.1.1.31 340341 Bytes 27/03/2009 07:12:05
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 00:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 18/03/2009 07:30:14
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 00:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 08/07/2008 22:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 15/05/2008 23:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 02:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 01:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 11/02/2008 22:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 02:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 07:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 02:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 02:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 03/07/2008 21:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 00:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Lecteurs locaux
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\alldrives.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, E:, A:, D:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : lundi 30 mars 2009 20:23

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DVDRegionFree.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SuperCopier2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SMax4.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'qttask.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SMSTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smax4pnp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'32' processus ont été contrôlés avec '32' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'A:\'
[INFO] Aucun support de données inséré dans le lecteur 'A:\' !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '50' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'E:\'
Recherche débutant dans 'A:\'
Impossible d'ouvrir le chemin à contrôler A:\ !
Erreur système [21]: Le périphérique n'est pas prêt.
Recherche débutant dans 'D:\'
Impossible d'ouvrir le chemin à contrôler D:\ !
Erreur système [21]: Le périphérique n'est pas prêt.


Fin de la recherche : lundi 30 mars 2009 20:40
Temps nécessaire: 17:12 Minute(s)

La recherche a été effectuée intégralement

3319 Les répertoires ont été contrôlés
106707 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
106706 Fichiers non infectés
1092 Les archives ont été contrôlées
1 Avertissements
0 Consignes
Reply
Uh, as for the Windows repair CD, no, I don't have it.
Reply
OK, do a full scan in Safe Mode without networking support with Malwarebytes, please.
Reply
What do you mean by "without support" for Malwarebytes?
Reply
How to get into Safe Mode
1) Restart your PC
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(note: no connection is possible in Safe Mode, so copy or print these instructions carefully to avoid mistakes ...)
appel masqué - 8 April 2009 at 02:25
Hi, so actually you wanted me to do a scan with Malwarebytes in Safe Mode
Reply
Hi, yes, without networking support
Reply
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1828
Windows 5.1.2600 Service Pack 2

09/04/2009 07:28:20
mbam-log-2009-04-09 (07-28-20).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 105505
Temps écoulé: 13 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Reply
Malwarebytes' Anti-Malware 1.34 => 1.35
Version de la base de données: 1828 => 194x

Hi, update it and run it again, please
appel masqué - 18 April 2009 at 01:07
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1992
Windows 5.1.2600 Service Pack 2

18/04/2009 09:57:50
mbam-log-2009-04-18 (09-57-50).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 115705
Temps écoulé: 15 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\RESTORE\k-1-3542-4232123213-7676767-8888886 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
Reply
Hi

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

! Disconnect from the internet and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens, titled "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* then click "Continue" to start the analysis ...


-> let the scan run and don't touch the PC ...


When the analysis is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for the next step ...

Important: post one report, then the other in the next reply
If you try to post both at the same time, it may be too long for the forum


(Note: the reports are also saved in this folder -> C:\rsit)
appel masqué - 2 May 2009 at 10:06
Hi, sorry for the delay
Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-04-23 18:13:24
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 13 GB (42%) free of 30 GB
Total RAM: 478 MB (50% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-09-01 322368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-01-24 86016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2006-07-21 126976]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-08 716800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-03-25 1488112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-03-02 240128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-10 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 2 months======

2009-04-23 18:13:24 ----D---- C:\rsit
2009-04-18 14:46:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-06 09:53:19 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-06 09:53:18 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-30 15:49:35 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-29 19:45:42 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-03-25 07:32:39 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-03-24 20:07:28 ----D---- C:\WINDOWS\ie7updates
2009-03-24 13:38:16 ----D---- C:\WINDOWS\system32\PreInstall
2009-03-24 09:33:59 ----SHD---- C:\RECYCLER
2009-03-24 07:51:19 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-03-23 13:00:16 ----D---- C:\WINDOWS\temp
2009-03-23 12:16:03 ----A---- C:\Boot.bak
2009-03-23 12:15:59 ----RASHD---- C:\cmdcons
2009-03-23 12:11:41 ----A---- C:\WINDOWS\zip.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\VFIND.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\SWSC.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\SWREG.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\sed.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\grep.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\fdsv.exe
2009-03-23 12:09:51 ----D---- C:\WINDOWS\ERDNT
2009-03-23 12:09:49 ----AD---- C:\Qoobox
2009-03-22 10:38:37 ----A---- C:\WINDOWS\winstart.bat
2009-03-22 10:38:37 ----A---- C:\WINDOWS\tmpdelis.bat
2009-03-22 10:38:37 ----A---- C:\WINDOWS\tmpcpyis.bat
2009-03-22 10:37:45 ----A---- C:\WINDOWS\system32\SierraNW.dll
2009-03-22 10:37:44 ----D---- C:\WINDOWS\solcache
2009-03-22 10:37:44 ----A---- C:\WINDOWS\system32\SNWValid.dll
2009-03-22 10:36:04 ----A---- C:\WINDOWS\SIERRA.INI
2009-03-22 10:35:59 ----A---- C:\WINDOWS\IsUn040c.exe
2009-03-22 10:35:17 ----A---- C:\WINDOWS\wininit.ini
2009-03-21 14:41:38 ----D---- C:\WINDOWS\ERUNT
2009-03-21 08:39:36 ----D---- C:\Program Files\trend micro
2009-03-20 18:51:43 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-20 18:51:33 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2009-03-18 18:27:12 ----D---- C:\Program Files\Avira
2009-03-18 18:27:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-18 17:41:01 ----D---- C:\Program Files\CCleaner
2009-03-13 17:18:47 ----D---- C:\Documents and Settings\user\Application Data\Cool Record Edit Pro
2009-03-13 17:15:44 ----D---- C:\Documents and Settings\user\Application Data\Free Sound Recorder
2009-03-13 17:15:15 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2009-03-13 17:15:15 ----A---- C:\WINDOWS\system32\NCTTextToAudio2.dll
2009-03-13 17:15:15 ----A---- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2009-03-13 17:15:15 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
2009-03-13 17:15:14 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2009-03-13 17:15:14 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2009-03-13 17:15:14 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2009-03-13 17:15:14 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2009-03-13 17:15:14 ----A---- C:\WINDOWS\system32\NCTAudioEditor2.dll
2009-03-13 17:15:13 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2009-03-13 17:15:12 ----D---- C:\Program Files\Free Sound Recorder
2009-03-11 18:50:44 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2009-03-11 17:57:38 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-03-09 18:41:35 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-03-09 18:41:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-09 18:41:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-09 08:39:05 ----RSHD---- C:\RESTORE

======List of files/folders modified in the last 2 months======

2009-04-23 18:12:17 ----D---- C:\WINDOWS\Prefetch
2009-04-23 18:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 17:41:08 ----D---- C:\Program Files\Mozilla Firefox
2009-04-23 17:39:10 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-23 17:39:09 ----D---- C:\WINDOWS
2009-04-23 06:07:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-04-23 05:05:27 ----A---- C:\WINDOWS\DVDRegionFree.INI
2009-04-22 20:22:48 ----SHD---- C:\WINDOWS\Installer
2009-04-22 20:22:26 ----D---- C:\Documents and Settings
2009-04-19 18:49:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-18 16:31:12 ----D---- C:\WINDOWS\Debug
2009-04-18 14:46:10 ----D---- C:\Program Files
2009-04-18 13:38:56 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-04-18 13:18:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-18 09:58:45 ----D---- C:\WINDOWS\system32\drivers
2009-04-18 08:46:50 ----D---- C:\WINDOWS\system32
2009-04-18 08:46:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-18 06:53:17 ----D---- C:\WINDOWS\system32\wbem
2009-04-18 00:06:33 ----HD---- C:\WINDOWS\inf
2009-04-18 00:06:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-18 00:06:25 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-18 00:06:25 ----D---- C:\Program Files\Internet Explorer
2009-04-18 00:05:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 20:01:53 ----D---- C:\WINDOWS\AppPatch
2009-03-29 19:45:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-28 21:06:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-24 20:55:08 ----D---- C:\Program Files\Messenger
2009-03-24 14:39:50 ----D---- C:\WINDOWS\WinSxS
2009-03-24 07:51:43 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-24 07:51:42 ----D---- C:\WINDOWS\Help
2009-03-23 13:00:17 ----D---- C:\Program Files\SuperCopier2
2009-03-23 12:58:49 ----A---- C:\WINDOWS\system.ini
2009-03-23 12:58:17 ----D---- C:\Program Files\Fichiers communs
2009-03-23 12:16:03 ----RASH---- C:\boot.ini
2009-03-22 01:20:10 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-21 14:43:44 ----SD---- C:\WINDOWS\system32\Microsoft
2009-03-17 20:16:27 ----D---- C:\Program Files\Alwil Software
2009-03-16 12:09:06 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2009-03-11 18:53:06 ----D---- C:\WINDOWS\system32\Macromed
2009-03-11 18:50:40 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2009-03-09 08:40:46 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-03-07 01:46:15 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-05 21:05:33 ----A---- C:\WINDOWS\photoprn.ini
2009-03-03 11:13:06 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-01 00:19:53 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 43008]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2007-11-27 55168]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-28 138240]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 4c05c5df-0abc-4914-89e2-6b1754281ed8;4c05c5df-0abc-4914-89e2-6b1754281ed8; \??\D:\Player\cds300.dll []
S3 5c846fe9-3f64-4e43-8221-36c5ecd8923f;5c846fe9-3f64-4e43-8221-36c5ecd8923f; \??\D:\Player\cds300.dll []
S3 a2d24089-d72e-4b9d-b420-a7f61ce1e4fe;a2d24089-d72e-4b9d-b420-a7f61ce1e4fe; \??\D:\Player\cds300.dll []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-06 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 DllSrv Service Controler;DllSrv Service Controler; C:\WINDOWS\system32\drivers\DllSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016]

-----------------EOF-----------------
Answer
info.txt logfile of random's system information tool 1.06 2009-04-23 18:13:30

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Caesar 3-->C:\WINDOWS\IsUn040c.exe -fC:\SIERRA\Caesar3\Uninst.isu
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DVD Region+CSS Free 5.9.7.9-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Free Sound Recorder-->C:\PROGRA~1\FREESO~1\UNWISE.EXE C:\PROGRA~1\FREESO~1\INSTALL.LOG
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFUE.inf
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Demo-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PhotoPrinter 2.0 LE-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoPrinter LE\Uninst.isu"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Samsung Media Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -l0x40c
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)

======System event log======

Computer Name: USER-3393F246B5
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 30080
Source Name: Service Control Manager
Time Written: 20090330165350.000000+660
Event Type: Informations
User: USER-3393F246B5\user

Computer Name: USER-3393F246B5
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 30079
Source Name: Service Control Manager
Time Written: 20090330165349.000000+660
Event Type: erreur
User:

Computer Name: USER-3393F246B5
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 30078
Source Name: Service Control Manager
Time Written: 20090330165349.000000+660
Event Type: Informations
User:

Computer Name: USER-3393F246B5
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 30077
Source Name: Service Control Manager
Time Written: 20090330165349.000000+660
Event Type: Informations
User: USER-3393F246B5\user

Computer Name: USER-3393F246B5
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 30076
Source Name: Service Control Manager
Time Written: 20090330165349.000000+660
Event Type: erreur
User:

=====Application event log=====

Computer Name: USER-3393F246B5
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 4529
Source Name: usnjsvc
Time Written: 20090323151248.000000+660
Event Type:
User:

Computer Name: USER-3393F246B5
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 4528
Source Name: SecurityCenter
Time Written: 20090323151140.000000+660
Event Type: Informations
User:

Computer Name: USER-3393F246B5
Event Code: 4096
Message: Le service AntiVir a bien démarré!

Record Number: 4527
Source Name: Avira AntiVir
Time Written: 20090323151139.000000+660
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: USER-3393F246B5
Event Code: 102
Message: wuaueng.dll (2008) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 4526
Source Name: ESENT
Time Written: 20090323151139.000000+660
Event Type: Informations
User:

Computer Name: USER-3393F246B5
Event Code: 100
Message: wuauclt (2008) Le moteur de base de données 5.01.2600.2180 est démarré.

Record Number: 4525
Source Name: ESENT
Time Written: 20090323151139.000000+660
Event Type: Informations
User:

=====Security event log=====

Computer Name: USER-3393F246B5
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : Windows Live Messenger 8.1 (Phone)

Chemin d'accès : C:\Program Files\MSN Messenger\livecall.exe

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 2050
Source Name: Security
Time Written: 20090418171358.000000+660
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: USER-3393F246B5
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : Microsoft Office Outlook

Chemin d'accès : C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 2049
Source Name: Security
Time Written: 20090418171358.000000+660
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: USER-3393F246B5
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : Internet Explorer

Chemin d'accès : C:\Program Files\Internet Explorer\iexplore.exe

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 2048
Source Name: Security
Time Written: 20090418171358.000000+660
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: USER-3393F246B5
Event Code: 848
Message: La stratégie suivante était active lorsque le Pare-feu Windows a démarré.



Stratégie de groupe appliquée : Oui

Profil utilisé : Standard

Interface : Toutes les interfaces

Mode d'opération : Activé

Services: 

Partage de fichiers et d'imprimantes : Désactivé

Bureau à distance : Désactivé

Infrastructure UPnP : Activé

Autoriser l'administration à distance : Désactivé

Autoriser les réponses monodiffusion vers le trafic multidiffusion/diffusion : Désactivé

Enregistrement dans le journal de sécurité :

Enregistrer les paquets ignorés dans le journal : Désactivé

Enregistrer les connexions réussies dans le journal :Désactivé

ICMP:

Autoriser les requêtes d'écho entrantes : Désactivé

Autorisez les requêtes de datage entrantes : Désactivé

Autoriser les requêtes de masque entrantes : Désactivé

Autoriser les requêtes de routeur entrantes : Désactivé

Autoriser la destination inaccessible sortante : Désactivé

Autoriser l'extinction de source sortante : Désactivé

Autoriser le problème de paramètre sortant : Désactivé

Autoriser le temps dépassé sortant : Désactivé

Autoriser la redirection : Désactivé

Autoriser les paquets sortants trop grands : Désactivé

Record Number: 2047
Source Name: Security
Time Written: 20090418171358.000000+660
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: USER-3393F246B5
Event Code: 576
Message: Privilèges spéciaux assignés à la nouvelle session :

Utilisateur : SERVICE LOCAL

Domaine : AUTORITE NT

Id. de la session : (0x0,0x3E5)

Privilèges : SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege

Record Number: 2046
Source Name: Security
Time Written: 20090418171357.000000+660
Event Type: Succès de l'audit
User: AUTORITE NT\SERVICE LOCAL

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Answer
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:services
4c05c5df-0abc-4914-89e2-6b1754281ed8
5c846fe9-3f64-4e43-8221-36c5ecd8923f
a2d24089-d72e-4b9d-b420-a7f61ce1e4fe
mchInjDrv

:files
C:\WINDOWS\winstart.bat
C:\WINDOWS\tmpdelis.bat
C:\WINDOWS\tmpcpyis.bat
C:\Qoobox
C:\RESTORE
C:\WINDOWS\photoprn.ini
C:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-


:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
appel masqué - 6 May 2009 at 06:59
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver 4c05c5df-0abc-4914-89e2-6b1754281ed8 deleted successfully.

Service\Driver 5c846fe9-3f64-4e43-8221-36c5ecd8923f deleted successfully.

Service\Driver a2d24089-d72e-4b9d-b420-a7f61ce1e4fe deleted successfully.
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== FILES ==========
C:\WINDOWS\winstart.bat moved successfully.
C:\WINDOWS\tmpdelis.bat moved successfully.
C:\WINDOWS\tmpcpyis.bat moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\F moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
C:\RESTORE moved successfully.
C:\WINDOWS\photoprn.ini moved successfully.
File/Folder C:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\BIT50.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF35CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF59F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF5B2D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFDCE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05062009_154238

Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\BIT50.tmp moved successfully.
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF35CE.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF59F5.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF5B2D.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFDCE.tmp not found!
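As an added example (not code from this thread, from RSIT or from OTMoveIt3), here is a small Python triage pass over driver lines in the RSIT "List of drivers" format; it flags the same entries the OTMoveIt3 script above removed (the three GUID-named services pointing at D:\Player\cds300.dll and mchInjDrv in Temp) while leaving legitimate stopped drivers alone. The scoring heuristics, the two-reason threshold and the reading of empty brackets as "no file date/size recorded" are assumptions; the sample lines are constructed in the log's layout.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of the RSIT "List of drivers" section:
#   <R|S><start type> <service name>;<display name>; <image path> [<date> <size>]
SAMPLE_DRIVERS = r"""
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 43008]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S3 4c05c5df-0abc-4914-89e2-6b1754281ed8;4c05c5df-0abc-4914-89e2-6b1754281ed8; \??\D:\Player\cds300.dll []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Where a legitimate kernel driver on this XP box is expected to live (assumption).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_driver_line(line: str) -> Dict[str, str]:
    """Split one RSIT driver line into its fields; returns {} for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return {}
    state, start, name, display, path, fileinfo = m.groups()
    # RSIT prints the raw registry ImagePath; drop the NT object-manager prefix.
    if path.startswith("\\??\\"):
        path = path[4:]
    return {"state": state, "start": start, "name": name,
            "display": display, "path": path, "fileinfo": fileinfo}


def suspicion_reasons(entry: Dict[str, str]) -> List[str]:
    """Collect independent red flags for one driver entry (heuristics are assumptions)."""
    reasons: List[str] = []
    path = entry["path"].lower()
    if GUID_RE.match(entry["name"]):
        reasons.append("service name is a bare GUID")
    if "\\temp\\" in path or path.endswith(".tmp"):
        reasons.append("image lives in a Temp folder")
    if not path.endswith(".sys"):
        reasons.append("kernel driver image is not a .sys file")
    if not path.startswith(EXPECTED_ROOTS):
        reasons.append("image outside Windows/Program Files")
    if entry["fileinfo"] == "":
        # Assumption: empty brackets mean RSIT found no date/size for the file.
        # On its own this is weak evidence: legitimate \??\ paths show it too.
        reasons.append("no file date/size recorded")
    return reasons


def triage(report: str, min_reasons: int = 2) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every driver with at least min_reasons flags."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in report.splitlines():
        entry = parse_driver_line(line)
        if not entry:
            continue
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DRIVERS):
        print(name)
        for r in reasons:
            print("   -", r)
```

Lowering `min_reasons` to 1 also surfaces the benign Avira and IntelIde entries, which is why a single weak indicator should never drive a removal on its own.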
Answer
Hello:

Download HostsXpert to your Desktop:

---> Unzip it (right-click >> Extract here)

---> Double-click HostsXpert to launch it

---> Click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.

If it is closed, click on it :)

Then reboot and run RSIT again please
Answer
Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-05-13 16:32:07
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 12 GB (39%) free of 30 GB
Total RAM: 478 MB (27% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-04-09 1091584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-01-24 86016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2006-07-21 126976]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-08 716800]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-04-09 970240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-10 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 2 months======

2009-05-13 16:32:07 ----D---- C:\rsit
2009-05-13 14:49:43 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-13 14:49:31 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-05-13 14:48:21 ----D---- C:\Program Files\Microsoft Sync Framework
2009-05-13 14:47:16 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-05-13 14:45:55 ----D---- C:\Program Files\Microsoft
2009-05-13 14:45:37 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-13 14:45:12 ----D---- C:\Program Files\Windows Live
2009-05-13 14:36:04 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-05-08 20:30:48 ----D---- C:\Program Files\Paint.NET
2009-05-03 19:28:06 ----A---- C:\WINDOWS\system32\xmltok.dll
2009-05-03 19:28:06 ----A---- C:\WINDOWS\system32\xmlparse.dll
2009-05-03 19:28:06 ----A---- C:\WINDOWS\system32\xmlinst.exe
2009-05-03 19:28:06 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-05-03 19:22:36 ----D---- C:\Program Files\Ubisoft
2009-05-03 09:25:56 ----D---- C:\WINDOWS\Prefetch
2009-05-03 09:19:09 ----D---- C:\WINDOWS\l2schemas
2009-05-03 09:19:08 ----D---- C:\WINDOWS\system32\fr
2009-05-03 09:19:07 ----D---- C:\WINDOWS\system32\bits
2009-05-03 09:15:41 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-03 09:13:00 ----D---- C:\WINDOWS\network diagnostic
2009-05-03 09:09:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-03 09:09:31 ----D---- C:\WINDOWS\EHome
2009-04-23 20:00:05 ----D---- C:\Documents and Settings\user\Application Data\Search Settings
2009-04-23 20:00:03 ----D---- C:\Documents and Settings\user\Application Data\Dealio
2009-04-23 19:37:47 ----D---- C:\Program Files\Search Settings
2009-04-23 19:37:31 ----D---- C:\Program Files\Dealio Toolbar
2009-04-23 19:36:59 ----A---- C:\WINDOWS\system32\TubeFinder.exe
2009-04-23 19:36:57 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-04-23 19:36:57 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-04-23 19:36:56 ----A---- C:\WINDOWS\system32\PCCLPFR.DLL
2009-04-23 19:36:55 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-04-23 19:36:54 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-04-23 19:36:53 ----D---- C:\Program Files\Free FLV Converter
2009-04-18 14:46:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-06 09:53:19 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-06 09:53:18 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-30 15:49:35 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-29 19:45:42 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-03-24 20:07:28 ----D---- C:\WINDOWS\ie7updates
2009-03-24 13:38:16 ----D---- C:\WINDOWS\system32\PreInstall
2009-03-24 09:33:59 ----SHD---- C:\RECYCLER
2009-03-24 07:51:19 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-03-23 13:00:16 ----D---- C:\WINDOWS\temp
2009-03-23 12:16:03 ----A---- C:\Boot.bak
2009-03-23 12:15:59 ----RASHD---- C:\cmdcons
2009-03-23 12:11:41 ----A---- C:\WINDOWS\zip.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\VFIND.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\SWSC.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\SWREG.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\sed.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\grep.exe
2009-03-23 12:11:41 ----A---- C:\WINDOWS\fdsv.exe
2009-03-23 12:09:51 ----D---- C:\WINDOWS\ERDNT
2009-03-22 10:37:45 ----A---- C:\WINDOWS\system32\SierraNW.dll
2009-03-22 10:37:44 ----D---- C:\WINDOWS\solcache
2009-03-22 10:37:44 ----A---- C:\WINDOWS\system32\SNWValid.dll
2009-03-22 10:36:04 ----A---- C:\WINDOWS\SIERRA.INI
2009-03-22 10:35:59 ----A---- C:\WINDOWS\IsUn040c.exe
2009-03-22 10:35:17 ----A---- C:\WINDOWS\wininit.ini
2009-03-21 14:41:38 ----D---- C:\WINDOWS\ERUNT
2009-03-21 08:39:36 ----D---- C:\Program Files\trend micro
2009-03-20 18:51:43 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-20 18:51:33 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2009-03-18 18:27:12 ----D---- C:\Program Files\Avira
2009-03-18 18:27:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-18 17:41:01 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 2 months======

2009-05-13 16:12:31 ----A---- C:\WINDOWS\DVDRegionFree.INI
2009-05-13 16:12:17 ----D---- C:\Program Files\Mozilla Firefox
2009-05-13 15:54:57 ----D---- C:\WINDOWS\system32
2009-05-13 15:54:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-13 15:53:04 ----D---- C:\WINDOWS
2009-05-13 15:49:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-13 14:51:22 ----RSD---- C:\WINDOWS\assembly
2009-05-13 14:50:23 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-13 14:49:46 ----SHD---- C:\WINDOWS\Installer
2009-05-13 14:49:43 ----D---- C:\Program Files
2009-05-13 14:49:31 ----D---- C:\Program Files\Fichiers communs\System
2009-05-13 14:49:20 ----HD---- C:\WINDOWS\inf
2009-05-13 14:49:20 ----D---- C:\WINDOWS\system32\drivers
2009-05-13 14:49:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-13 14:48:21 ----D---- C:\WINDOWS\WinSxS
2009-05-13 14:48:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-13 14:47:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-13 14:47:31 ----D---- C:\WINDOWS\system32\DirectX
2009-05-13 14:45:43 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-05-13 14:36:04 ----D---- C:\Program Files\Fichiers communs
2009-05-12 18:52:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-08 15:39:18 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-05 16:03:33 ----D---- C:\WINDOWS\system32\wbem
2009-05-04 20:40:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-04 20:40:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-04 14:42:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-03 19:28:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-03 10:33:34 ----D---- C:\Program Files\Messenger
2009-05-03 09:31:13 ----D---- C:\WINDOWS\Debug
2009-05-03 09:25:32 ----D---- C:\WINDOWS\system32\Setup
2009-05-03 09:25:32 ----D---- C:\WINDOWS\AppPatch
2009-05-03 09:25:31 ----RSD---- C:\WINDOWS\Fonts
2009-05-03 09:23:09 ----D---- C:\WINDOWS\security
2009-05-03 09:19:27 ----D---- C:\WINDOWS\ime
2009-05-03 09:19:27 ----D---- C:\WINDOWS\Help
2009-05-03 09:19:10 ----D---- C:\WINDOWS\system32\usmt
2009-05-03 09:19:10 ----D---- C:\WINDOWS\system32\fr-fr
2009-05-03 09:19:07 ----D---- C:\WINDOWS\PeerNet
2009-05-03 09:19:07 ----D---- C:\Program Files\Movie Maker
2009-05-03 09:15:35 ----D---- C:\WINDOWS\system32\Restore
2009-05-03 09:15:34 ----D---- C:\WINDOWS\system32\npp
2009-05-03 09:15:33 ----D---- C:\WINDOWS\msagent
2009-05-03 09:15:32 ----D---- C:\WINDOWS\srchasst
2009-05-03 09:15:31 ----D---- C:\Program Files\NetMeeting
2009-05-03 09:15:30 ----D---- C:\WINDOWS\system32\Com
2009-05-03 09:15:25 ----D---- C:\Program Files\Windows Media Player
2009-05-03 09:15:24 ----D---- C:\Program Files\Windows NT
2009-05-03 09:15:24 ----D---- C:\Program Files\Outlook Express
2009-05-03 09:15:06 ----D---- C:\WINDOWS\system32\oobe
2009-05-03 09:15:04 ----D---- C:\WINDOWS\system
2009-05-03 09:11:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-02 10:38:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-22 20:22:26 ----D---- C:\Documents and Settings
2009-04-18 13:38:56 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-04-18 00:06:25 ----D---- C:\Program Files\Internet Explorer
2009-04-18 00:03:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 19:45:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-24 07:51:43 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-23 13:00:17 ----D---- C:\Program Files\SuperCopier2
2009-03-23 12:58:49 ----A---- C:\WINDOWS\system.ini
2009-03-23 12:16:03 ----RASH---- C:\boot.ini
2009-03-22 01:07:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-21 14:43:44 ----SD---- C:\WINDOWS\system32\Microsoft
2009-03-17 20:16:27 ----D---- C:\Program Files\Alwil Software
2009-03-16 13:11:26 ----D---- C:\Documents and Settings\user\Application Data\Cool Record Edit Pro
2009-03-16 12:09:06 ----D---- C:\Documents and Settings\user\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 43008]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2007-11-27 55168]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\user\LOCALS~1\Temp\mc24.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-06 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 DllSrv Service Controler;DllSrv Service Controler; C:\WINDOWS\system32\drivers\DllSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016]

-----------------EOF-----------------
Reply
You mustn't do just anything, you've got yourself reinfected.

Download TOOLBAR S&D (by Eric_71/Team IDN) to your desktop:


!! Disconnect from the internet, disable your resident protections, and close all your running applications for the duration of the procedure. !!

* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...

--> Type ( the "recherche" / search option ) then press [Enter].

A report will be generated at the end of the process: post its contents in your next reply

( the report is also saved here -> C:\TB.txt )

Tutorial
Reply
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:11 Go)
D:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
E:\ (Local Disk) - NTFS - Total:45 Go (Free:38 Go)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:146 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 13/05/2009|19:39 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\user\APPLIC~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Dealio\res
C:\DOCUME~1\user\APPLIC~1\Dealio\temp
C:\DOCUME~1\user\APPLIC~1\Dealio\res\widgets.xml
C:\DOCUME~1\user\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\DOCUME~1\USER2~1\APPLIC~1\Dealio
C:\DOCUME~1\USER2~1\APPLIC~1\Dealio\res
C:\DOCUME~1\USER2~1\APPLIC~1\Dealio\temp
C:\DOCUME~1\USER2~1\APPLIC~1\Dealio\res\widgets.xml
C:\DOCUME~1\USER2~1\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\user\APPLIC~1\Search Settings
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb128\temp\ws-14375.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb128\temp\ws-14376.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb128\temp\ws-14377.log
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings\kb128\temp\ws-14372.log
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings\kb128\temp\ws-14373.log
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings\kb128\temp\ws-14374.log
C:\DOCUME~1\USER2~1\APPLIC~1\Search Settings\kb128\temp\ws-14375.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\res
C:\Program Files\Search Settings\kb128\SearchSettings.dll
C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb128\temp

-----------\\ Extensions

(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 13/05/2009|19:40 - Option : [1]

-----------\\ Fin du rapport a 19:40:48,37
Reply
Sorry, by the way, I don't know how it got there.
This document entitled "rootkit", from CommentCaMarche (www.commentcamarche.net), is made available under the terms of the Creative Commons license. You may copy and modify copies of this page under the conditions set by the license, as long as this notice appears clearly.