A virus this morning

Closed
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last seen 6 June 2019 - 27 May 2009 at 17:19
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 - 17 June 2009 at 08:23
Hello,
A little surprise this morning, with a virus once again...
This time my AVG detected it in

File name: C:\Systeme Volume Information\_restore(...).dll
Threat name: Runtime packed fsg

I have at my disposal: AVG, Spybot S&D, Malwarebytes, HijackThis.

Please help me get rid of this thing and check for any other problems with the reports that you will no doubt ask me for ^^ See you

15 replies

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
27 May 2009 at 18:34
Hello,

if only System Restore is infected, this will be simple.

To check:

Download OTL by OldTimer here:

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

and save it to your Desktop.

Double-click on OTL.exe to launch it.

Tick the 2 boxes Lop and Purity

Tick the box in front of "scan all users"

Click on Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)


To send it to me, click on this link:

http://www.cijoint.fr/

Click on Parcourir (Browse) and look for the file above.

Click on Ouvrir (Open).

Click on "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last seen 6 June 2019 2
30 May 2009 at 00:17
*I just did a copy-paste for you, will that do anyway?*
So here is the report:

OTL logfile created on: 2009-05-29 18:12:48 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = D:\XK\Programe Dwl
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,28% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 9,28 Gb Free Space | 31,67% Space Free | Partition Type: NTFS
Drive D: | 203,59 Gb Total Space | 145,47 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive E: | 7,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LXKL007
Current User Name: lXKl
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008-04-13 19:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-01-28 12:55:10 | 01,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008-05-16 14:39:00 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-05-16 09:56:49 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2004-03-05 00:14:44 | 01,587,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009-05-16 09:56:52 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007-01-19 13:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
PRC - [2007-10-10 01:29:14 | 01,250,816 | ---- | M] (Nullsoft) -- D:\XK\Winamp\Winamp.exe
PRC - [2009-02-28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-02-28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-05-29 18:11:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- D:\XK\Programe Dwl\OTL-AV.exe

========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm






IE - HKU\S-1-5-21-1123561945-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1004\S-1-5-21-1123561945-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (304364 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10482 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1123561945-113007714-682003330-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1123561945-113007714-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" ()
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1004..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw File not found
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1004..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-03 22:32:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-08-31 19:16:15 | 00,564,175 | R--- | M] () - E:\Autorun.dbd -- [ CDFS ]
O32 - AutoRun File - [2007-08-25 19:49:27 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007-08-17 00:26:49 | 00,004,274 | R--- | M] () - E:\Autorun.txt -- [ CDFS ]
O33 - MountPoints2\{767457c7-2092-11de-b849-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{767457c7-2092-11de-b849-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007-09-05 21:56:43 | 00,132,416 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-29 18:11:59 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009-05-25 23:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lXKl\Application Data\GRETECH
[2009-05-25 23:40:40 | 00,000,000 | ---D | C] -- C:\Program Files\FusionSoft DVD Player XP
[2009-05-25 23:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2009-05-24 00:46:03 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009-05-24 00:46:03 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-24 00:46:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-05-24 00:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009-05-24 00:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lXKl\Application Data\Media Player Classic
[2009-05-19 20:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009-05-19 20:01:17 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\lXKl\Bureau\Raccourci vers L2.lnk
[2009-05-19 19:19:08 | 00,005,174 | R--- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009-05-19 19:19:08 | 00,004,682 | R--- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009-05-14 07:05:14 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009-05-14 00:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lXKl\Application Data\AVGTOOLBAR
[2009-05-14 00:24:30 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-05-14 00:24:30 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk
[2009-05-14 00:24:29 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009-05-14 00:24:26 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-05-14 00:24:25 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-05-14 00:24:21 | 36,528,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-05-14 00:24:21 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009-05-14 00:24:21 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009-05-14 00:24:21 | 00,062,955 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-05-14 00:24:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009-05-14 00:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009-05-14 00:21:45 | 00,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2009-05-14 00:21:45 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2009-05-14 00:09:41 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2009-05-14 00:09:41 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2009-05-14 00:08:39 | 00,000,304 | -H-- | C] () -- C:\sqmdata10.sqm
[2009-05-14 00:08:39 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2009-05-13 23:50:17 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009-05-13 23:50:17 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009-05-13 23:29:29 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2009-05-13 23:29:29 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2009-04-30 21:07:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lXKl\Application Data\Ventrilo
[2009-04-30 21:06:41 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ventrilo.lnk
[2009-04-30 21:06:41 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009-04-30 21:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2009-04-22 11:54:25 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009-04-22 11:54:25 | 00,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009-04-22 11:54:24 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-04-22 11:54:24 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009-04-13 01:53:01 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-12 16:31:10 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-08 16:56:16 | 00,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-04-04 00:08:18 | 00,014,714 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-04-03 23:18:36 | 00,000,100 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009-04-03 22:57:33 | 00,015,020 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-04-03 22:56:04 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-04-03 22:55:46 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-11-06 05:30:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-11-06 05:30:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-11-06 05:30:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-11-06 05:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-11-06 05:30:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001-08-28 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-08-28 08:00:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 15:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-05-29 13:49:35 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\lXKl\Mes documents\Mes dossiers de partage.lnk
[2009-05-29 09:39:21 | 36,528,201 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-05-29 09:39:21 | 00,062,955 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-05-26 09:19:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\lXKl\Local Settings\desktop.ini
[2009-05-25 23:44:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-25 23:42:20 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-23 19:53:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-23 19:53:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-19 20:01:17 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\lXKl\Bureau\Raccourci vers L2.lnk
[2009-05-19 19:58:07 | 00,304,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-05-17 03:17:05 | 00,002,237 | ---- | M] () -- C:\Documents and Settings\lXKl\Bureau\Windows Live Messenger.lnk
[2009-05-16 09:56:52 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-05-16 09:56:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-05-16 09:56:52 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-05-16 09:56:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009-05-14 11:38:23 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009-05-14 00:34:18 | 00,501,190 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009-05-14 00:34:18 | 00,432,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-05-14 00:34:18 | 00,080,860 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009-05-14 00:34:18 | 00,067,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-05-14 00:24:30 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk
[2009-05-14 00:24:21 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009-05-14 00:21:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009-05-14 00:21:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009-05-14 00:09:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009-05-14 00:09:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009-05-14 00:08:39 | 00,000,304 | -H-- | M] () -- C:\sqmdata10.sqm
[2009-05-14 00:08:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009-05-13 23:50:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009-05-13 23:50:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009-05-13 23:29:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009-05-13 23:29:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009-05-07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-04-30 21:06:41 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ventrilo.lnk

========== LOP Check ==========

[2009-05-26 09:17:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009-04-03 23:14:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009-05-14 00:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009-04-11 16:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-04-04 13:52:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009-04-12 17:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009-04-04 11:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009-04-07 23:57:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009-04-04 11:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Messenger_5.0.0482
[2009-04-25 06:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009-04-03 17:15:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009-04-03 22:32:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2009-05-25 23:43:28 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\lXKl\Application Data
[2009-04-04 13:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Adobe
[2009-05-14 00:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\AVGTOOLBAR
[2009-05-25 23:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\GRETECH
[2009-04-04 12:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Identities
[2009-04-12 01:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\LimeWire
[2009-04-04 13:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Macromedia
[2009-05-24 00:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Media Player Classic
[2009-05-14 00:23:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\lXKl\Application Data\Microsoft
[2009-05-08 21:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\mIRC
[2009-04-22 15:50:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\lXKl\Application Data\SecuROM
[2009-04-20 18:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Sun
[2009-04-30 21:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Ventrilo
[2009-04-05 01:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lXKl\Application Data\Yahoo!
[2001-08-28 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-05-23 19:53:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
30 May 2009 at 00:56
Hi again,

It seems your security tools have done their job.

1) we purge System Restore:


Open this link:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

First, follow it to disable System Restore.

Close the window.

Then, follow it again to re-enable System Restore.

This automatically recreates a restore point dated at the time of re-enabling.

2) your version of Acrobat Reader dates from ..... (better not to know) and is a security hole.

Uninstall the current version through the Control Panel.

Download it again here: http://www.commentcamarche.net/telecharger/telecharger 27 acrobat reader

and install that version.

3) a bit of cleanup:

Double-click on OTL.exe to launch it.


Copy the list shown in bold below,

and paste it into the box under Customs Scans/Fixes


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1123561945-113007714-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

:commands
[emptytemp]


Click on RunFix to start the removal.


Post the report.

==========



F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last seen 6 June 2019 2
31 May 2009 at 21:00
-After reboot-

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_USERS\S-1-5-21-1123561945-113007714-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Dom\Local Settings\Temp\Perflib_Perfdata_10b8.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dom\Local Settings\Temp\Perflib_Perfdata_1784.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dom\Local Settings\Temp\Perflib_Perfdata_3c4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_138c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_684.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 05312009_145045

Files moved on Reboot...
File C:\Documents and Settings\Dom\Local Settings\Temp\Perflib_Perfdata_10b8.dat not found!
File C:\Documents and Settings\Dom\Local Settings\Temp\Perflib_Perfdata_1784.dat not found!
File C:\Documents and Settings\Dom\Local Settings\Temp\Perflib_Perfdata_3c4.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_138c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_684.dat not found!

Registry entries deleted on Reboot...
**************************************************
**************************************************
**************************************************

-After scan-

OTL logfile created on: 2009-05-31 14:57:36 - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = D:\XK\Programe Dwl
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,56% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 85,90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 11,27 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive D: | 203,59 Gb Total Space | 147,04 Gb Free Space | 72,22% Space Free | Partition Type: NTFS
Drive E: | 7,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LXKL007
Current User Name: Dom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008-04-13 19:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-05-16 09:56:45 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009-04-12 05:09:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-11-06 05:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-05-19 08:24:24 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009-05-16 09:56:46 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009-02-06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-02-06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-13 19:34:16 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008-01-28 12:55:10 | 01,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008-05-16 14:39:00 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-05-16 09:56:49 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008-06-12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2008-01-24 18:53:16 | 00,613,376 | ---- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2009-03-05 17:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007-01-19 13:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2009-05-18 23:27:28 | 01,217,784 | ---- | M] (Valve Corporation) -- D:\XK\Valve\Steam.exe
PRC - [2009-03-18 18:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009-02-28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-05-29 18:11:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- D:\XK\Programe Dwl\OTL-AV.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-05-16 09:56:45 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-04-13 19:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-04-12 05:09:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-11-06 05:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007-12-18 01:14:04 | 00,012,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2007-03-15 02:12:02 | 00,038,656 | R--- | M] (Attansic Technology corporation.) -- C:\WINDOWS\system32\DRIVERS\atl01_xp.sys -- (AtcL001 [On_Demand | Running])
DRV - [2009-05-16 09:56:52 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009-05-16 09:56:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009-05-16 09:56:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008-04-13 09:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-05-20 17:53:00 | 04,800,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004-08-13 06:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009-05-19 20:11:48 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- D:\XK\Jeux\line age 2\system\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])
DRV - [2007-11-06 05:30:00 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001-08-28 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001-08-28 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2008-04-13 09:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm






IE - HKU\S-1-5-21-1123561945-113007714-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
IE - HKU\S-1-5-21-1123561945-113007714-682003330-1003\S-1-5-21-1123561945-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



O1 HOSTS File: (304364 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10482 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1123561945-113007714-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1123561945-113007714-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" ()
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1003..\Run: [DMSN] C:\Program Files\Dialflirt\dialmsn.exe File not found
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1003..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1003..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1123561945-113007714-682003330-1003..\Run: [Steam] "D:\XK\Valve\Steam.exe" -silent (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1123561945-113007714-682003330-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-03 22:32:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-08-31 19:16:15 | 00,564,175 | R--- | M] () - E:\Autorun.dbd -- [ CDFS ]
O32 - AutoRun File - [2007-08-25 19:49:27 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007-08-17 00:26:49 | 00,004,274 | R--- | M] () - E:\Autorun.txt -- [ CDFS ]
O33 - MountPoints2\{767457c7-2092-11de-b849-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{767457c7-2092-11de-b849-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007-09-05 21:56:43 | 00,132,416 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-31 14:44:29 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009-05-31 14:46:06 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009-05-31 14:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009-05-31 14:44:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-05-29 18:50:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Mes documents\GomPlayer
[2009-05-29 18:50:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\GRETECH
[2009-05-29 18:49:22 | 00,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\GOM Player.lnk
[2009-05-25 23:40:40 | 00,000,000 | ---D | C] -- C:\Program Files\FusionSoft DVD Player XP
[2009-05-25 23:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2009-05-24 00:46:03 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009-05-24 00:46:03 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-24 00:46:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-05-24 00:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009-05-19 20:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009-05-19 20:04:56 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Raccourci vers L2.exe.lnk
[2009-05-19 19:19:08 | 00,005,174 | R--- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009-05-19 19:19:08 | 00,004,682 | R--- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009-05-19 19:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\InstallShield
[2009-05-14 07:05:14 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009-05-14 00:24:30 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-05-14 00:24:30 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk
[2009-05-14 00:24:29 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009-05-14 00:24:26 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-05-14 00:24:25 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-05-14 00:24:21 | 36,616,598 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-05-14 00:24:21 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009-05-14 00:24:21 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009-05-14 00:24:21 | 00,063,467 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-05-14 00:24:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009-05-14 00:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\AVGTOOLBAR
[2009-05-14 00:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009-05-14 00:21:45 | 00,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2009-05-14 00:21:45 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2009-05-14 00:09:41 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2009-05-14 00:09:41 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2009-05-14 00:08:39 | 00,000,304 | -H-- | C] () -- C:\sqmdata10.sqm
[2009-05-14 00:08:39 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2009-05-13 23:50:17 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009-05-13 23:50:17 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009-05-13 23:29:29 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2009-05-13 23:29:29 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2009-04-22 11:54:25 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009-04-22 11:54:25 | 00,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009-04-22 11:54:24 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-04-22 11:54:24 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009-04-13 01:53:01 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-12 16:31:10 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-08 16:56:16 | 00,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-04-04 00:08:18 | 00,014,714 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-04-03 23:18:36 | 00,000,100 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009-04-03 22:57:33 | 00,015,020 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-04-03 22:56:04 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-04-03 22:55:46 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-11-06 05:30:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-11-06 05:30:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-11-06 05:30:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-11-06 05:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-11-06 05:30:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001-08-28 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-08-28 08:00:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 15:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-05-31 14:55:18 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-31 14:53:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-31 14:52:59 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dom\Local Settings\desktop.ini
[2009-05-31 14:52:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-31 14:52:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-31 14:46:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009-05-31 09:39:16 | 36,616,598 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-05-29 18:50:13 | 00,063,467 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-05-29 18:49:22 | 00,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\GOM Player.lnk
[2009-05-25 23:45:31 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\Dom\Mes documents\Mes dossiers de partage.lnk
[2009-05-19 20:04:56 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Raccourci vers L2.exe.lnk
[2009-05-19 19:58:07 | 00,304,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-05-16 09:56:52 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-05-16 09:56:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-05-16 09:56:52 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-05-16 09:56:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009-05-14 11:38:23 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009-05-14 00:34:18 | 00,501,190 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009-05-14 00:34:18 | 00,432,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-05-14 00:34:18 | 00,080,860 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009-05-14 00:34:18 | 00,067,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-05-14 00:24:30 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk
[2009-05-14 00:24:21 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009-05-14 00:21:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009-05-14 00:21:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009-05-14 00:09:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009-05-14 00:09:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009-05-14 00:08:39 | 00,000,304 | -H-- | M] () -- C:\sqmdata10.sqm
[2009-05-14 00:08:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009-05-13 23:50:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009-05-13 23:50:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009-05-13 23:29:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009-05-13 23:29:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009-05-07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Purity Check ==========

< End of report >
0

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
1 June 2009 at 00:07
Hello,

next part of the cleanup:

1) Print these instructions, because you will have to close all windows and applications during installation and scanning.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) When the download is finished, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Do not change any of the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. MBAM's main window is displayed:

7) In the scan tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

8) MBAM scans your computer. The scan can take some time. Just check its progress from time to time.

9) At the end of the scan, a message appears indicating that the scan is finished. Click OK to continue.

10) If malware was detected, the list is displayed.
By clicking Removal (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/Logs tab.)

12) Close MBAM by clicking Exit.

13) Post the report in your reply
0
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last activity 6 June 2019 2
12 June 2009 at 18:07
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2266
Windows 5.1.2600 Service Pack 3

2009-06-12 12:07:35
mbam-log-2009-06-12 (12-07-35).txt

Type de recherche: Examen rapide
Eléments examinés: 103070
Temps écoulé: 6 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
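The log posted above reports each category twice, once as a counter and once as a detail section. As an added example (not part of the thread and not Malwarebytes code), this parser cross-checks the two so a pasted report can be judged clean, infected, or truncated; it assumes the French MBAM 1.x labels seen in that log, and the sample entry is constructed.

```python
import re

# Constructed sample in the layout of the MBAM 1.x French-language log above;
# the registry key and detection name are invented for illustration.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.37
Type de recherche: Examen rapide
Eléments examinés: 103070

Clé(s) du Registre infectée(s): 1
Fichier(s) infecté(s): 0

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\\Software\\ExampleAdware (Adware.Example) -> constructed entry

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
"""

COUNTER = re.compile(r"^(?P<label>.+\(s\)): (?P<n>\d+)$")  # "Fichier(s) infecté(s): 0"
SECTION = re.compile(r"^(?P<label>.+\(s\)):$")             # "Fichier(s) infecté(s):"
EMPTY = "(Aucun élément nuisible détecté)"                 # "nothing found" marker

def parse_mbam_log(text):
    """Return (counters, details), both keyed by the category label."""
    counters, details, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        counter, section = COUNTER.match(line), SECTION.match(line)
        if counter:
            counters[counter["label"]] = int(counter["n"])
            current = None
        elif section:
            current = section["label"]
            details[current] = []
        elif not line:
            current = None          # a blank line ends a detail section
        elif current is not None and line != EMPTY:
            details[current].append(line)
    return counters, details

def review(text):
    """Return (verdict, total detections, categories whose counter and list disagree)."""
    counters, details = parse_mbam_log(text)
    mismatched = sorted(k for k in counters if counters[k] != len(details.get(k, [])))
    total = sum(counters.values())
    if not counters or mismatched:
        return "incomplete", total, mismatched   # truncated or edited paste
    return ("clean" if total == 0 else "detections"), total, mismatched

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A verdict of "incomplete" means the counters and the listed items do not agree, which is the case worth asking the poster to re-paste before drawing any conclusion.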
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
12 June 2009 at 19:56
Hello,

do you know that you are behind a proxy?

Is that intentional?
0
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last activity 6 June 2019 2
15 June 2009 at 09:27
a proxy?? what does that mean?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2009 at 11:14
Hello,

a bit of reading:

http://sebsauvage.net/comprendre/proxy/index.html (thanks sebsauvage)
0
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last activity 6 June 2019 2
15 June 2009 at 18:29
Technically I connect to a network router, then to my internet provider; whether I'm still behind a proxy I don't know oO, or if that's normal
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2009 at 19:13
Re,

There is no point doing too much without a good reason.

Run OTL again, click CleanUp.

Purge System Restore:

Open this link:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

first, follow it to turn System Restore off.

Close the window.

Then follow it again to turn System Restore back on.

This automatically creates a new restore point dated at the time of reactivation.

That's the end, in my opinion.

Happy surfing.
0
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last activity 6 June 2019 2
16 June 2009 at 07:44
and what does that change about the proxy problem? seriously, I don't see how my computer has been cleaned of problems :s
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
16 June 2009 at 08:17
Hello,

what are your problems?
0
F117 Posts 144 Registration date Friday 9 May 2008 Status Member Last activity 6 June 2019 2
17 June 2009 at 03:26
Well, right now... nothing, but nothing tells me it's clean.. is there a way to check everything, just to have peace of mind?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
17 June 2009 at 08:23
Hello,

purge System Restore, empty your Recycle Bin.

No symptoms, clean reports.

It really isn't worth doing any more.

Happy surfing.
0