Bibou Le Forum
Security portal

[Closed] Virus: untrusted connection

nickylarson622 (Bibou)
Subject: [Closed] Virus: untrusted connection   Tue 16 Feb 2010 - 22:34

Good evening everyone,

My problem is the following. When I started my PC earlier, I landed directly in the BIOS. I managed to get back to my desktop normally, but I can't connect to MSN or Facebook. I get the following message:
"This connection is untrusted

You have asked Firefox to connect securely to login.facebook.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified."

On top of that, my PC is really slow.
I don't really know what to do anymore.
Can someone help me?
Thanks in advance

Here are the logs

http://www.miraclesalad.com/webtools/clip.php?clip=31a4

GrosBébé (Moderator)
Subject: Re: [Closed] Virus: untrusted connection   Wed 17 Feb 2010 - 1:34

Hi nickylarson622

Quick question: what time does your PC say it is? And what day?
Set your PC to the correct time and date and see whether you can connect to secure sites again (MSN, Facebook, others).

For now I'm not looking too closely at the reports because of the dates (we'll come back to that)

Have a good evening

nickylarson622 (Bibou)
Subject: Re: [Closed] Virus: untrusted connection   Wed 17 Feb 2010 - 1:44

Hi GrosBébé

You were right, my PC wasn't set to the right date or the right time. I can connect now, but it still lags and it seems to disconnect me.
Anyway, thanks. It was really dumb, but it had to be found =)

Laddy (Admin)
Subject: Re: [Closed] Virus: untrusted connection   Wed 17 Feb 2010 - 8:44

Hello
Your RSIT report is not complete; repost the log.txt file so that GrosBébé can take charge of your case.

nickylarson622 (Bibou)
Subject: Re: [Closed] Virus: untrusted connection   Wed 17 Feb 2010 - 15:16

Hello

Thanks for helping me :D
Here is the report (I couldn't fit it under a single link, so I split it in two)

http://www.miraclesalad.com/webtools/clip.php?clip=31a8 (part 1)
http://www.miraclesalad.com/webtools/clip.php?clip=31a9 (part 2)

GrosBébé (Moderator)
Subject: Re: [Closed] Virus: untrusted connection   Wed 17 Feb 2010 - 20:24

Hi

OK, that's one problem solved already.
At first glance, you have traces of an infection via USB stick.

According to your report, Malwarebytes was not up to date when you ran it.

  • Launch it and update the definition database by going to the "Update" tab, then "Check for Updates".
  • Choose "Perform quick scan", then "Scan".
  • Let the scan run (this can take a long time).
      Once the scan is finished, click "Show Results", check that the items found are ticked, then click "Remove Selected" at the bottom.

  • A restart may be necessary.

A report will be displayed; save it to your desktop. Otherwise, after the restart, it will be in the Reports/Logs tab of Malwarebytes.
And please post the report.

A usage guide is available here

Click here to download Gmer to your desktop.

  • Close all your programs and disconnect from the internet.
  • Disable your security software (antivirus, antispyware, etc.).

  • Unzip it on your desktop and double-click Gmer.exe to launch it.
    • Vista users: right-click gmer.exe and select "Run as administrator".

  • Gmer may ask you to run a scan; accept. Otherwise, click the Rootkit/Malware tab.
    • On the right, check that all the checkboxes are ticked except Show All.

  • Click the Scan button.
    • Let Gmer work and don't touch your computer.
    • Be patient, as the scan can take a long time.

  • At the end of the scan, a report will open: save it to the desktop under the name "gmer.txt", then copy/paste its contents here.
  • Quit Gmer and re-enable your security software.

Be careful not to attempt anything on your own!!


Have a good evening

nickylarson622 (Bibou)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 4:19

Re
Here are the reports

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

17/01/2010 22:58:37
mbam-log-2010-01-17 (22-58-37).txt

Type de recherche: Examen complet (C:\|D:\|E:\|G:\|)
Eléments examinés: 302352
Temps écoulé: 1 hour(s), 37 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2008-07-24 21:16:02
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\xav\AppData\Local\Temp\kwddipob.sys



GrosBébé (Moderator)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 13:47

Hi

OK, let's deal with the USB stick infection


Download UsbFix (by Chiquitine29 and C_XX) to your Desktop.

/!\ Disconnect and close all running applications /!\
/!\ Plug in all your devices that may have been infected (USB sticks, external hard drive, etc.) /!\


  • Double-click "UsbFix" to launch the program
    (Vista/Windows 7 users: right-click UsbFix > Run as administrator)
  • Type "F" for French and confirm with the "Enter" key
  • Then type "1" for "Rechercher" (search) and confirm
  • Let the tool work
  • At the end, a report will appear (otherwise, it is located at C:\Usbfix.txt). Post it in your next reply

A usage guide is available here

nickylarson622 (Bibou)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 17:53

Re GrosBébé

I downloaded usb and unzipped it.
When I launch Usbfix (command script) I do enter "f" for French and 1 to search. The scan starts but stops after 3 seconds and there is an "accès refusé" (access denied) message...
Is there another solution?

GrosBébé (Moderator)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 20:09

Hi

Launch Usbfix by right-clicking the USBFix icon and selecting "Run as administrator".

nickylarson622 (Bibou)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 20:36

OK, it worked =)


############################## | UsbFix V6.095 |

User : xav (Administrateurs) # PC-DE-XAV
Update on 15/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:33:18 | 18/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 173 Go (79.42 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 115.33 Go (115.24 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 3.82 Go (3.72 Go free) [UDISK 2.0] # FAT32
G:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDocke\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe

################## | Elements infectieux |


################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{1953e0ea-9017-11de-af16-00221584cc16}
shell\Auto\command =AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{2d9e6fe0-f192-11dd-a7cf-806e6f6e6963}
shell\AutoRun\command =E:\setup.exe

HKCU\..\..\Explorer\MountPoints2\{40e488f0-d5cd-11de-b58a-00221584cc16}
Shell\autOplay\cOmmANd =F:\movgs.pif
Shell\AutoRun\command =F:\movgs.pif
Shell\expLore\CoMmand =F:\movgs.pif
Shell\OpEN\coMmAnd =F:\movgs.pif

HKCU\..\..\Explorer\MountPoints2\{94f71f27-f52c-11dd-808c-00221584cc16}
shell\AutoRun\command =G:\Checker.exe

HKCU\..\..\Explorer\MountPoints2\{f03104e2-e1cb-11de-9aae-00221584cc16}
shell\AutoRun\command =F:\InstallTomTomHOME.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.095 ! |
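
The Mountpoints2 section of the report above, and the date problem raised earlier in the thread, can both be checked mechanically. The Python sketch below is an added example, not part of the original thread and not UsbFix's own logic: it parses an excerpt copied from that report, lists the autorun commands cached per volume, marks those that stand out, and compares the scan's start date with the tool's update date. The extension list, the key-case heuristic and all function names are assumptions of this example.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Excerpt copied from the first UsbFix report in the thread (process list omitted).
SAMPLE_REPORT = r"""
Update on 15/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:33:18 | 18/01/2010
C:\ -> Disque fixe local # 173 Go (79.42 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 115.33 Go (115.24 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 3.82 Go (3.72 Go free) [UDISK 2.0] # FAT32
G:\ -> Disque CD-ROM
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{1953e0ea-9017-11de-af16-00221584cc16}
shell\Auto\command =AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{2d9e6fe0-f192-11dd-a7cf-806e6f6e6963}
shell\AutoRun\command =E:\setup.exe
HKCU\..\..\Explorer\MountPoints2\{40e488f0-d5cd-11de-b58a-00221584cc16}
Shell\autOplay\cOmmANd =F:\movgs.pif
Shell\AutoRun\command =F:\movgs.pif
Shell\expLore\CoMmand =F:\movgs.pif
Shell\OpEN\coMmAnd =F:\movgs.pif
HKCU\..\..\Explorer\MountPoints2\{94f71f27-f52c-11dd-808c-00221584cc16}
shell\AutoRun\command =G:\Checker.exe
HKCU\..\..\Explorer\MountPoints2\{f03104e2-e1cb-11de-9aae-00221584cc16}
shell\AutoRun\command =F:\InstallTomTomHOME.exe
################## | Vaccin |
"""

RISKY_EXT = {".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}  # this example's own list

def clock_behind_tool_build(report):
    """True if the scan start date precedes the tool's own update date (clock set too early)."""
    upd = re.search(r"Update on (\d{2}/\d{2}/\d{4})", report)
    start = re.search(r"Start at: [\d:]+ \| (\d{2}/\d{2}/\d{4})", report)
    if not (upd and start):
        return None
    fmt = "%d/%m/%Y"
    return datetime.strptime(start.group(1), fmt) < datetime.strptime(upd.group(1), fmt)

def drive_kinds(report):
    """Map drive letter -> drive description from the 'X:\\ -> ...' table."""
    return {m.group(1).upper(): m.group(2).split("#")[0].strip()
            for m in re.finditer(r"^([A-Za-z]):\\ -> (.+)$", report, re.M)}

def mountpoint_commands(report):
    """Yield (guid, key, command) for each verb cached under MountPoints2."""
    marker = "| Mountpoints2 |"
    if marker not in report:
        return
    section = report.split(marker, 1)[1].split("####", 1)[0]
    guid = None
    for line in section.splitlines():
        m = re.search(r"MountPoints2\\(\{[0-9a-fA-F-]{36}\})", line)
        if m:
            guid = m.group(1)
        elif guid and "=" in line:
            key, cmd = line.split("=", 1)
            yield guid, key.strip(), cmd.strip()

def scrambled_case(key):
    """True if a key component is neither lower, UPPER, Capitalized nor CamelCase."""
    return any(c not in (c.lower(), c.upper(), c.capitalize())
               and not re.fullmatch(r"(?:[A-Z][a-z]{2,})+", c)
               for c in key.split("\\"))

def target_of(cmd):
    """Best-effort payload path: unwrap RunDLL32 ShellExec_RunDLL, keep the first token."""
    if "ShellExec_RunDLL" in cmd:
        cmd = cmd.split("ShellExec_RunDLL", 1)[1]
    return PureWindowsPath(cmd.strip().split(" ")[0])

def triage(report):
    """Return one finding per cached autorun command, with the reasons it stands out."""
    drives = drive_kinds(report)
    findings = []
    for guid, key, cmd in mountpoint_commands(report):
        target = target_of(cmd)
        reasons = []
        if target.suffix.lower() in RISKY_EXT:
            reasons.append("risky extension " + target.suffix.lower())
        if scrambled_case(key):
            reasons.append("case-scrambled key name")
        findings.append({"guid": guid, "key": key, "target": str(target),
                         "volume": drives.get(target.drive[:1].upper(), "unknown"),
                         "reasons": reasons})
    return findings

if __name__ == "__main__":
    print("clock behind tool build:", clock_behind_tool_build(SAMPLE_REPORT))
    for f in triage(SAMPLE_REPORT):
        print(f["volume"], f["target"], f["key"], f["reasons"] or "-")
```

Targets that contain spaces are cut at the first space, so the output is a reading aid for the report rather than a verdict on any file.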

GrosBébé (Moderator)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 20:56

OK, run it again and this time choose option 2, deletion, then post the report please.

nickylarson622 (Bibou)
Subject: Re: [Closed] Virus: untrusted connection   Thu 18 Feb 2010 - 21:31

Re


############################## | UsbFix V6.095 |

User : xav (Administrateurs) # PC-DE-XAV
Update on 15/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:23:37 | 18/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 173 Go (79.2 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 115.33 Go (115.24 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 3.82 Go (3.72 Go free) [UDISK 2.0] # FAT32
G:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\lpksetup.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2466365761-1582336881-1551427631-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-316784245-1982861093-3486434783-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-316784245-1982861093-3486434783-500
Supprimé ! D:\$Recycle.Bin\S-1-5-18
Supprimé ! D:\$Recycle.Bin\S-1-5-21-316784245-1982861093-3486434783-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-316784245-1982861093-3486434783-500
Supprimé ! F:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{1953e0ea-9017-11de-af16-00221584cc16}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2d9e6fe0-f192-11dd-a7cf-806e6f6e6963}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{40e488f0-d5cd-11de-b58a-00221584cc16}\Shell\autOplay\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{94f71f27-f52c-11dd-808c-00221584cc16}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f03104e2-e1cb-11de-9aae-00221584cc16}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[10/04/2009 22:36|-rahs----|333257] C:\bootmgr
[16/04/2008 12:27|-ra-s----|8192] C:\BOOTSECT.BAK
[04/04/2007 20:01|--a------|19] C:\CA21.txt
[18/09/2006 22:43|--a------|10] C:\config.sys
[23/07/2009 00:16|-rahs----|0] C:\IO.SYS
[19/06/2008 14:10|---------|1048576] C:\M50V.BIN
[30/06/2008 11:01|---------|13] C:\M50VC_M50VM_VISTA.10
[23/07/2009 00:16|-rahs----|0] C:\MSDOS.SYS
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[30/06/2008 11:01|---------|14] C:\RECOVERY.DAT
[07/02/2009 14:38|--a------|560] C:\RHDSetup.log
[07/02/2009 14:46|--a------|159] C:\setup.log
[18/01/2010 20:27|--a------|4491] C:\UsbFix.txt
[21/09/2009 14:20|--ah-----|165] F:\~$TPE Version hot.pptx
[11/01/2009 17:45|--a------|296] F:\WMPInfo.xml
[17/09/2009 15:52|--ah-----|165] F:\~$TPE fait par nico.pptx
[15/09/2008 19:31|---hs----|85] F:\desktop.ini

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-xav.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.095 ! |
GrosBébé

Subject: Re: [Closed] Virus, untrusted connection   Thu 18 Feb 2010 - 21:49

OK, I'd like to see an OTL report to get an overall view of the PC.

By the way, how is your PC doing?


  • Click here to download OTL (by Old Timer) to your desktop
  • Close all your windows, then double-click OTL.exe to launch it.
  • Tick Lop Check and Purity check
  • Under Custom Scans (at the bottom), copy/paste this

    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    msconfig
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    CREATERESTOREPOINT

  • Click the Run Scan button at the top left, then wait a few moments.

    • When the scan finishes, two reports will open (OTL.Txt and Extras.Txt). Copy/paste both reports here in full.

    PS: The reports are also saved on the desktop

Be warned, the reports are really long.

nickylarson622

Subject: Re: [Closed] Virus, untrusted connection   Fri 19 Feb 2010 - 2:16

Re,
The PC is doing better, but there are still a few lags and bugs all the same...

OTL Extras logfile created on: 19/01/2010 01:06:48 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\xav\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.00 Gb Total Space | 79.31 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive D: | 115.33 Gb Total Space | 115.24 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-XAV
Current User Name: xav
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066D8539-B847-450E-A7B4-032E691E9752}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07B18756-E95F-4EC6-A5DB-78A26C1669BE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AD82A15-8428-46EE-8906-7B147466F45A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E845569-3E6B-4FFE-ADA5-99781A582A0D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{203BF3B7-52CF-4D43-A83F-C2DB08383E5D}" = lport=445 | protocol=6 | dir=in | app=system |
"{4692C4A8-3EDC-43B4-A268-6071DA0A8278}" = lport=137 | protocol=17 | dir=in | app=system |
"{51C3C807-0EA3-4DAD-96EC-195C77DF8384}" = rport=138 | protocol=17 | dir=out | app=system |
"{54DFF3BA-DC67-47A4-88FD-A1ED97B7A5A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6A291E03-61AE-4A2D-81CB-57F9F9696DD8}" = rport=137 | protocol=17 | dir=out | app=system |
"{781B8EB2-D942-4FFB-B9DE-9B2E9D82D855}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F63D597-EC15-4D6D-9304-1D8CAB77FD93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FF5BE62-0365-4E22-8F46-B694640E4C11}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{84620AFE-804D-4007-820A-E25B05D1D29A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F11503C-B71C-48CF-969D-59342E974B59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C464DD5-9D39-4457-8C05-037FFF8AFF03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A047AC5A-E511-4B4F-B251-DFB473913429}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{A7810D24-30BE-4846-B017-8116AE41A85D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AFECF3EC-CF78-4366-851A-BCFC7B709FF0}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC82B80C-7751-4066-BA1A-876B25FFAF2A}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB2C2107-3B32-463F-B196-98202422EDC0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA1885A8-81B2-4E9F-9C6B-C1F3CAE9FA17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E26F1B17-EAD5-4CE0-899C-62F49B3D904E}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{E59FFBE7-EDD1-4694-9A84-980E0A147C48}" = lport=138 | protocol=17 | dir=in | app=system |
"{F46B2353-6907-4A7C-89B8-8576A0E6E4BD}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D051A8-19A9-4839-B7B3-46EE9B6C2C58}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{190E9F87-207E-4184-9F68-19F04D237F55}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{2D32EE74-D213-4F0C-82C9-8063057C1883}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{4521E05E-521C-4BCC-B0AB-9764AABC6EF8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4DF88071-6AB7-40EC-8C3B-CD44B7B8C660}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-frfr-downloader.exe |
"{73589471-AB0C-4332-97F9-FDEAABF91AC9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{73951382-FA76-4724-A363-0A90D1010480}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{899777A3-672F-4C99-9E19-CE16A13D7284}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-frfr-downloader.exe |
"{8DF9B26A-8CF0-4660-A4DB-720FBF5A472A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-frfr-win-update-downloader.exe |
"{A95C6DB2-06E5-4D4F-9B55-8347E49B7CDF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B94A5B9C-8B56-4972-A256-DF79CB908022}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C788CEC1-9B67-4659-85DF-7DBD6E47B253}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-frfr-win-update-downloader.exe |
"{F16EC407-5671-418A-AA6B-F3B7CECBFD7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FE960F83-13BA-4B88-952F-95A522AD4162}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{21738255-73C4-4F76-831F-1C7A39C0A0FC}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{3770C2A0-953F-48D2-AC62-55040B2C88E8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{50D73C17-7ACA-4A0C-B625-2394550C3173}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{57B5E9EB-D5C7-4BB3-B759-C98C4B842E10}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{695E2C79-0AE0-4457-B68E-88C4FED157DD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{95DE494F-F42C-441D-986F-ADEEE19BE038}C:\users\xav\desktop\freezer.exe" = protocol=6 | dir=in | app=c:\users\xav\desktop\freezer.exe |
"TCP Query User{9B56C773-6BFA-4FAC-B930-81FD67F8DF3E}C:\users\xav\desktop\freezer.exe" = protocol=6 | dir=in | app=c:\users\xav\desktop\freezer.exe |
"TCP Query User{BC465EEA-0F77-4B67-95E8-BECE52EF3E19}C:\users\xav\downloads\freezer v1.4 fr\freezer v1.4 fr\freezer.exe" = protocol=6 | dir=in | app=c:\users\xav\downloads\freezer v1.4 fr\freezer v1.4 fr\freezer.exe |
"UDP Query User{02844B5E-95A2-4A1A-A7C1-BCC104DDF88D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{1DD936BC-275A-4516-839C-A891CBC55FBC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1F7126A8-2A71-41F4-8EEC-F9DAABE200A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{53643F30-AE99-4B99-884F-5428BA62B0A1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{70FBDF51-CCDB-4933-BFFA-67400D977DA2}C:\users\xav\desktop\freezer.exe" = protocol=17 | dir=in | app=c:\users\xav\desktop\freezer.exe |
"UDP Query User{B4E842D2-EC06-4039-A222-F34FB2352D6C}C:\users\xav\desktop\freezer.exe" = protocol=17 | dir=in | app=c:\users\xav\desktop\freezer.exe |
"UDP Query User{E953CBD9-590A-4067-8BE0-227D589F4B94}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{EC3BEB2E-C042-45E1-B464-1A14817326D8}C:\users\xav\downloads\freezer v1.4 fr\freezer v1.4 fr\freezer.exe" = protocol=17 | dir=in | app=c:\users\xav\downloads\freezer v1.4 fr\freezer v1.4 fr\freezer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2C14901F-ED9D-40B5-8FE5-1BAF3D31F73B}" = ColdFear
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE3-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.5)
"{5783F2D7-6006-040C-0002-0060B0CE6BBA}" = AutoCAD MEP 2008 - Français
"{5783F2D7-8001-040C-0002-0060B0CE6BBA}" = AutoCAD 2010 - Français
"{5783F2D7-8001-040C-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Français
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Photo et imagerie HP 2.0 - All-in-One Pilote
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83757A6B-FA36-4B50-A6A5-44D004D7A90B}" = PyschroCalcDiag
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8448D435-7543-411F-A0CC-7AA40D815E8F}" = Express Gate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}" = Ma-Config.com
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Photo et imagerie HP 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Disque de souvenirs HP
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AutoCAD 2010 - Français" = AutoCAD 2010 - Français
"AutoCAD MEP 2008 - Français" = AutoCAD MEP 2008 - Français
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BurnAware Free_is1" = BurnAware Free 2.3.8
"CCleaner" = CCleaner (remove only)
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quick Zip_is1" = Quick Zip 4.60.019
"RocketDock_is1" = RocketDock 1.3.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/01/2010 08:56:22 | Computer Name = PC-de-xav | Source = Windows Search Service | ID = 3013
Description =

Error - 17/01/2010 08:56:22 | Computer Name = PC-de-xav | Source = Windows Search Service | ID = 3013
Description =

Error - 17/01/2010 08:56:41 | Computer Name = PC-de-xav | Source = LoadPerf | ID = 3012
Description =

Error - 17/01/2010 08:56:41 | Computer Name = PC-de-xav | Source = LoadPerf | ID = 3012
Description =

Error - 17/01/2010 08:56:41 | Computer Name = PC-de-xav | Source = LoadPerf | ID = 3011
Description =

Error - 17/01/2010 09:29:07 | Computer Name = PC-de-xav | Source = Windows Search Service | ID = 3013
Description =

Error - 17/01/2010 09:29:07 | Computer Name = PC-de-xav | Source = Windows Search Service | ID = 3013
Description =

Error - 17/01/2010 09:29:07 | Computer Name = PC-de-xav | Source = Windows Search Service | ID = 3013
Description =

Error - 17/01/2010 09:29:07 | Computer Name = PC-de-xav | Source = Windows Search Service | ID = 3013
Description =

Error - 17/01/2010 16:11:42 | Computer Name = PC-de-xav | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 11/04/2009 04:51:06 | Computer Name = PC-de-xav | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9050
seconds with 720 seconds of active time. This session ended with a crash.

Error - 02/08/2009 17:42:28 | Computer Name = PC-de-xav | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6999
seconds with 240 seconds of active time. This session ended with a crash.

Error - 05/08/2009 14:23:05 | Computer Name = PC-de-xav | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 108
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18/01/2010 00:32:36 | Computer Name = PC-de-xav | Source = W32Time | ID = 39452706
Description = Le service de temps a détecté que l'heure système doit être modifiée
de +2678510 secondes. Le service de temps ne va pas modifier l'heure système de
plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont
corrects et que la source de temps time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123)
fonctionne correctement.

Error - 18/01/2010 10:07:38 | Computer Name = PC-de-xav | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 05:48:24 le 18/01/2010 n'était pas prévu.

Error - 18/01/2010 10:07:19 | Computer Name = PC-de-xav | Source = volmgr | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 18/01/2010 10:08:29 | Computer Name = PC-de-xav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18/01/2010 11:27:56 | Computer Name = PC-de-xav | Source = volmgr | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 18/01/2010 11:28:48 | Computer Name = PC-de-xav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18/01/2010 11:39:29 | Computer Name = PC-de-xav | Source = W32Time | ID = 39452706
Description = Le service de temps a détecté que l'heure système doit être modifiée
de +2678508 secondes. Le service de temps ne va pas modifier l'heure système de
plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont
corrects et que la source de temps time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123)
fonctionne correctement.

Error - 18/01/2010 15:22:59 | Computer Name = PC-de-xav | Source = volmgr | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 18/01/2010 15:23:55 | Computer Name = PC-de-xav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18/01/2010 15:38:19 | Computer Name = PC-de-xav | Source = W32Time | ID = 39452706
Description = Le service de temps a détecté que l'heure système doit être modifiée
de +2678509 secondes. Le service de temps ne va pas modifier l'heure système de
plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont
corrects et que la source de temps time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123)
fonctionne correctement.


< End of report >
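
The W32Time errors in the report above state the clock error in seconds, which is what the earlier question about the PC's date and time was getting at. As an added example (not part of the original posts and not OTL's own code), this Python code parses those event entries, computes the real time, and shows how a certificate validity check changes between the skewed and the corrected clock. The certificate dates are constructed for illustration, and the regular expressions are keyed to the wording of this report.

```python
import re
from datetime import datetime, timedelta

# Two entries copied from the "[ System Events ]" section of the OTL Extras report above.
SAMPLE_EVENTS = """\
Error - 18/01/2010 00:32:36 | Computer Name = PC-de-xav | Source = W32Time | ID = 39452706
Description = Le service de temps a détecté que l'heure système doit être modifiée
de +2678510 secondes. Le service de temps ne va pas modifier l'heure système de
plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont
corrects et que la source de temps time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123)
fonctionne correctement.

Error - 18/01/2010 10:07:38 | Computer Name = PC-de-xav | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 05:48:24 le 18/01/2010 n'était pas prévu.
"""

# Constructed validity window of a hypothetical server certificate (assumption, not from the page).
CERT_NOT_BEFORE = datetime(2010, 2, 1)
CERT_NOT_AFTER = datetime(2011, 2, 1)

HEADER = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)
# Signed second counts as they appear in the W32Time description text.
SIGNED_SECONDS = re.compile(r"([+-]\d+)\s+seconde?s")


def parse_events(text):
    """Turn OTL 'Last 10 Event Log Errors' entries into dicts, joining wrapped descriptions."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            }
            events.append(current)
        elif current is not None and line.strip():
            part = line.strip()
            if part.startswith("Description ="):
                part = part[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + part).strip()
    return events


def clock_skews(events):
    """Return W32Time entries where the needed correction exceeds what the service will apply."""
    findings = []
    for ev in events:
        if ev["source"] != "W32Time":
            continue
        values = [int(v) for v in SIGNED_SECONDS.findall(ev["description"])]
        if len(values) < 2:
            continue  # a different W32Time message, no offset/limit pair
        needed, limit = values[0], values[1]
        if abs(needed) > abs(limit):
            findings.append({
                "logged": ev["time"],      # time according to the skewed system clock
                "offset_s": needed,        # correction W32Time says is required
                "limit_s": limit,          # largest correction it will apply on its own
                "actual": ev["time"] + timedelta(seconds=needed),
            })
    return findings


def validity_status(not_before, not_after, now):
    """Classify a certificate validity window against a given clock reading."""
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "valid"


if __name__ == "__main__":
    for skew in clock_skews(parse_events(SAMPLE_EVENTS)):
        days = skew["offset_s"] / 86400
        print(f"clock reads {skew['logged']}, real time {skew['actual']} ({days:.1f} days off)")
        for label in ("logged", "actual"):
            status = validity_status(CERT_NOT_BEFORE, CERT_NOT_AFTER, skew[label])
            print(f"  certificate seen from {label} clock: {status}")
```

The corrected timestamp falls on 18 February 2010, which matches the dates of the forum posts, while every report in the thread is stamped January 2010.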
nickylarson622

Subject: Re: [Closed] Virus, untrusted connection   Fri 19 Feb 2010 - 2:17

OTL logfile created on: 19/01/2010 01:06:48 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\xav\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.00 Gb Total Space | 79.31 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive D: | 115.33 Gb Total Space | 115.24 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-XAV
Current User Name: xav
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 01:05:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\xav\Desktop\OTL.exe
PRC - [2010/01/18 17:22:59 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/09/10 15:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/18 16:23:57 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/10 22:28:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/06 17:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/06/13 15:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/01/21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 01:05:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\xav\Desktop\OTL.exe
MOD - [2009/04/10 22:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/06 19:31:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/18 16:23:57 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/24 14:46:50 | 000,216,232 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/03/18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006/11/02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/10 19:43:52 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/23 19:37:11 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/05/11 09:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 20:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/04/05 10:37:36 | 000,012,800 | ---- | M] (AsusTek Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\BS_DEF.sys -- (BS_DEF)
DRV - [2009/03/30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/07 16:31:07 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/24 15:18:00 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/06/13 10:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/03 22:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/05/07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/03/21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/14 22:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:26 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/11/16 21:09:46 | 000,195,760 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/15 08:39:26 | 000,206,336 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/09/06 16:45:22 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007/09/06 09:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/08/03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/12/14 23:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wibeez"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..keyword.URL: "http://www.wibeez.com/renseignement?search&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8800


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 17:23:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/18 17:23:14 | 000,000,000 | ---D | M]

[2009/12/05 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\xav\AppData\Roaming\mozilla\Extensions
[2009/12/05 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\xav\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/02/15 18:47:26 | 000,000,000 | ---D | M] -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions
[2010/01/23 14:43:26 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/01/23 14:43:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/14 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2010/02/13 18:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/01/18 17:23:06 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/18 17:23:06 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/18 17:23:06 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/05 18:05:43 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/01/18 17:23:06 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/18 17:23:06 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDocke\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/18 20:27:28 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/18 20:27:28 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - State: "startup" - 2
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 16:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/02/09 21:49:20 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 21:49:19 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 21:49:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 21:49:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 21:49:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 21:49:07 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/08 23:33:13 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcohda.dll
[2010/02/08 23:33:13 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010/02/08 23:33:13 | 000,057,344 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2010/02/08 23:33:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010/02/08 23:31:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010/02/08 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/02/08 23:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/02/08 23:30:04 | 011,515,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/02/08 23:30:04 | 004,241,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/02/08 23:30:04 | 000,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/02/08 23:30:04 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/02/08 23:30:02 | 014,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/02/08 23:30:02 | 009,333,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/02/08 23:30:02 | 004,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/02/08 23:30:02 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/02/08 23:30:02 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/02/08 23:29:59 | 011,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/02/08 23:29:59 | 001,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/02/08 23:29:59 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod178.dll
[2010/02/08 23:29:59 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/02/08 22:44:48 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/02/04 21:52:04 | 000,000,000 | ---D | C] -- C:\Users\xav\Desktop\RAPPORT DE STAGE FINAL
[2010/01/21 22:04:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 22:04:14 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 22:04:14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 22:04:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 22:04:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 22:04:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 22:04:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 22:04:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 22:04:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 22:04:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 22:04:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 22:04:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 22:04:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 22:04:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/19 01:05:33 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\xav\Desktop\OTL.exe
[2010/01/18 20:27:28 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/01/17 14:42:32 | 000,000,000 | ---D | C] -- C:\Users\xav\Desktop\Muse
[2010/01/14 20:41:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/01/13 16:18:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 16:18:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/02/03 03:22:13 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2 C:\Users\xav\Desktop\*.tmp files -> C:\Users\xav\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========


GrosBébé
Subject: Re: [Closed] Virus, untrusted connection   Fri 19 Feb 2010 - 23:08

Hi

@nickylarson622 wrote:
The PC is doing better, but there are still a few lags and bugs all the same ...
What kind?


Click here to download AD-Remover to your desktop.

/!\ Disconnect and close all running applications /!\
  • Double-click Ad-Remover on your desktop.
    Vista users: right-click the icon, then select "Run as administrator"
  • Choose the language by typing "F" for French.
  • At the main menu, choose option "S".
    Wait a few moments while the scan runs.


Post the report that appears at the end. (It is also saved as C:\Ad-report(date).log)

A picture guide is here


nickylarson622
Subject: Re: [Closed] Virus, untrusted connection   Sat 20 Feb 2010 - 1:38

Hi again,
Thanks again for your help, GrosBébé

Firefox does crash sometimes (fairly rarely), but above all my windows are somewhat slow to display and minimize ... I rather think that is down to my graphics card.

Here is the report :)

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 0:21:28, 20/01/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ HomePremium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-XAV | Utilisateur actuel: xav
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: d2ixl1s6.default (xav)
.
(xav, prefs.js) Browser.download.dir, C:\Users\xav\Desktop
(xav, prefs.js) Browser.download.lastDir, C:\Users\xav\Desktop
(xav, prefs.js) Browser.search.selectedEngine, Wibeez
(xav, prefs.js) Browser.startup.homepage, www.google.fr
(xav, prefs.js) Extensions.enabledItems, {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
(xav, prefs.js) Keyword.URL, hxxp://www.wibeez.com/renseignement?search&q=
.
.
.
* Internet Explorer Version 8.0.6001.18882 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
C:\Users\xav\Desktop\1ERE TS\Autocad\crack autocad MEP 2008\AutoCAD MEP 2008 - KeyGen.exe
C:\Users\xav\Desktop\1ERE TS\Jeux\Hlý Episode Two\HALF LIFE 2 Episode Two Patch FR.nfo
C:\Users\xav\Desktop\1ERE TS\prog ti89\PRGRM ASM\hw3patch.zip
C:\Users\xav\Desktop\2TS\Autocad\Autocad 2010\Crack.zip
C:\Users\xav\Desktop\2TS\Autocad 2010\Crack.zip
.
===================================
.
3251 Octet(s) - C:\Ad-Report-SCAN[1].log
.
107 Fichier(s) - C:\Users\xav\AppData\Local\Temp
46 Fichier(s) - C:\Windows\Temp
129 Fichier(s) - C:\Windows\Prefetch
.
3 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 0:31:26 | 20/01/2010 - SCAN[1]
.
============== E.O.F ==============
.

GrosBébé
Subject: Re: [Closed] Virus, untrusted connection   Sun 21 Feb 2010 - 14:23

Hi


So ...

Please delete all the keygens and cracks you have on your PC; having them is a very bad idea because they are major virus vectors:
C:\Users\xav\Desktop\1ERE TS\Autocad\crack autocad MEP 2008\AutoCAD MEP 2008 - KeyGen.exe
C:\Users\xav\Desktop\2TS\Autocad\Autocad 2010\Crack.zip
C:\Users\xav\Desktop\2TS\Autocad 2010\Crack.zip



I see that a proxy is in place; did you set it up yourself? For Freezer?


Step 1


We are going to remove Wibeez from your PC:

Open Firefox. At the far right there is a search bar; click the small arrow in the search bar.
Select "Manage Search Engines".
A window opens; select "Wibeez", then click "Remove" and "OK".


Step 2

Run OTL again
  • In the Custom Scans/Fixes box at the bottom, paste the contents of the box below:

    Quote:
    :OTL
    FF - prefs.js..browser.search.selectedEngine: "Wibeez"
    FF - prefs.js..keyword.URL: "http://www.wibeez.com/renseignement?search&q="

    :Services

    :Reg

    :Files
    C:\Users\xav\Desktop\1ERE TS\Autocad\crack autocad MEP 2008
    C:\Users\xav\Desktop\2TS\Autocad\Autocad 2010\Crack.zip
    C:\Users\xav\Desktop\2TS\Autocad 2010\Crack.zip

    :Commands
    [purity]
    [emptytemp]

    Then click the Run Fix button at the top.
  • Let OTL run; the PC will restart.
  • After the restart, a new report will open; please copy/paste its contents here.



Have a good day
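
The two Firefox preferences targeted by the OTL fix above, and the proxy question raised in the same post, can also be checked by reading the profile's prefs.js directly. The script below is an added example, not part of the original thread and not OTL's own code; the allowlists are assumptions, and the sample file is constructed (its two search values are the ones quoted in the thread, its proxy lines are invented).

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample prefs.js. The search-related values are those quoted in
# the thread; the three proxy lines are invented for illustration.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.download.dir", "C:\\Users\\xav\\Desktop");
user_pref("browser.search.selectedEngine", "Wibeez");
user_pref("browser.startup.homepage", "www.google.fr");
user_pref("keyword.URL", "http://www.wibeez.com/renseignement?search&q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''

# One preference per line: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$',
    re.MULTILINE,
)

# Assumed allowlists: adapt them to what the user actually chose.
ALLOWED_ENGINES = {"Google", "Yahoo", "Bing"}
ALLOWED_SEARCH_HOSTS = {"google.com", "google.fr"}

# Meaning of network.proxy.type; 1 and 2 send traffic through a proxy that
# someone (the user or a program) configured explicitly.
PROXY_TYPES = {0: "no proxy", 1: "manual proxy", 2: "proxy auto-config URL",
               4: "auto-detect", 5: "system proxy settings"}


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js text."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        try:
            # Strings, integers and true/false in prefs.js parse as JSON.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep unparsable values verbatim
    return prefs


def _host(url):
    """Lower-case host of a URL, tolerating a missing scheme."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:
        return ""
    return (parts.hostname or "").lower()


def _host_allowed(host, allowed):
    return any(host == h or host.endswith("." + h) for h in allowed)


def audit_prefs(text, engines=ALLOWED_ENGINES, hosts=ALLOWED_SEARCH_HOSTS):
    """List (pref, value, reason) tuples for settings worth a second look."""
    prefs = parse_prefs(text)
    findings = []

    engine = prefs.get("browser.search.selectedEngine")
    if isinstance(engine, str) and engine not in engines:
        findings.append(("browser.search.selectedEngine", engine,
                         "search engine not on the allowlist"))

    keyword_url = prefs.get("keyword.URL")
    if isinstance(keyword_url, str) and not _host_allowed(_host(keyword_url), hosts):
        findings.append(("keyword.URL", keyword_url,
                         "address-bar searches go to " + _host(keyword_url)))

    proxy_type = prefs.get("network.proxy.type", 0)
    if proxy_type in (1, 2):
        if proxy_type == 1:
            target = "{}:{}".format(prefs.get("network.proxy.http"),
                                    prefs.get("network.proxy.http_port"))
        else:
            target = str(prefs.get("network.proxy.autoconfig_url"))
        findings.append(("network.proxy.type", proxy_type,
                         PROXY_TYPES[proxy_type] + " -> " + target
                         + "; confirm the user set it"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit_prefs(SAMPLE_PREFS_JS):
        print("{} = {!r}: {}".format(pref, value, reason))
```
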


nickylarson622
Subject: Re: [Closed] Virus, untrusted connection   Mon 22 Feb 2010 - 20:51

Hello

The proxy was indeed for Freezer ... I removed it recently

Here is the new report

All processes killed
========== OTL ==========
Prefs.js: "Wibeez" removed from browser.search.selectedEngine
Prefs.js: "http://www.wibeez.com/renseignement?search&q=" removed from keyword.URL
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\xav\Desktop\1ERE TS\Autocad\crack autocad MEP 2008 folder moved successfully.
C:\Users\xav\Desktop\2TS\Autocad\Autocad 2010\Crack.zip moved successfully.
File\Folder C:\Users\xav\Desktop\2TS\Autocad 2010\Crack.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: xav
->Temp folder emptied: 12218251 bytes
->Temporary Internet Files folder emptied: 2155404 bytes
->Java cache emptied: 20924776 bytes
->FireFox cache emptied: 37175993 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1287174 bytes
Error loading Shell32.dll! Cannot empty RecycleBin.
RecycleBin emptied: 6655397520 bytes

Total Files Cleaned = 6 417.00 mb


OTL by OldTimer - Version 3.1.30.1 log created on 01222010_194241

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

GrosBébé
Subject: Re: [Closed] Virus, untrusted connection   Mon 22 Feb 2010 - 21:37

Hi


@nickylarson622 wrote:
The proxy was indeed for Freezer ... I removed it recently

To remove the proxy, start Firefox
* go to "Tools", then "Options"
* select the "Advanced" tab, then "Network", and click "Settings"
* in the window that opens, select "No proxy"
* confirm and restart Firefox


Quote:
Total Files Cleaned = 6 417.00 mb
Well, that frees up some space.


Browse a bit, use your PC a bit, and give me some news :) (we are not done yet)

Have a good evening


nickylarson622
Subject: Re: [Closed] Virus, untrusted connection   Tue 23 Feb 2010 - 20:32

Good evening

The PC is now smoother, that is undeniable :) (especially when enlarging and shrinking windows)
There you go
Thanks again :D

GrosBébé
Subject: Re: [Closed] Virus, untrusted connection   Tue 23 Feb 2010 - 21:49

Hi


That is a good thing.
In general, when things look good to me, I usually run two additional scans to check that nothing is left lying around.


Step 1

The installed version of Java is not up to date:
Download JavaRa.zip to your desktop.

    * Unzip the file on your desktop (right-click > Extract All)
    * Double-click the resulting JavaRa folder
    * Then double-click the JavaRa.exe file (the .exe may not be displayed)
    * In the drop-down menu, choose: French
    * Click "Recherche de mise à jour" (search for updates)
    * Select "Mettre à jour via jucheck.exe" (update via jucheck.exe), then click "Rechercher" (search)
    * Allow the process to connect if you are asked, click "Installer" (install) and follow the installation instructions. This will take a few minutes.
    * When the installation is finished, go back to the JavaRa screen and click "Effacer les anciennes versions" (remove old versions)
    * Click "Oui" (yes) to confirm. The tool will do its work; then click OK, and OK a second time.
    * Close the application


Step 2

When you followed the pre-disinfection procedure, you must have used TFC: please run it once.


Step 3

    Run Malwarebytes again and update the definitions database by going to the "Update" tab, then "Check for Updates".
  • Choose "Perform quick scan", then "Scan"
  • Let the scan run (this can take a long time).
      Once the scan is finished, click "Show Results", check that the items found are ticked, then click "Remove Selected" at the bottom.

  • A restart may be necessary.

A report will be displayed; save it to your desktop. Otherwise, after the restart, it will be in the Logs tab of Malwarebytes.
And please post the report

A usage guide is here


Step 4

Go to the Kaspersky online scanner (click here)
  • Click Accept at the bottom to install the program.
  • Close all your windows and disable your security software.
  • Click Run to launch the program.
    Wait while it updates ...
  • Click my computer under scan (on the left)
    Wait while the scan runs.
  • As soon as it is finished, click Report... on the left, then click save report...

Save the report as kaspersky.txt and please copy/paste its contents here.
Re-enable your antivirus.

PS: do not use your PC while the scan is running.

A picture guide is here


Step 5

Please copy/paste the reports here:
- Malwarebytes
- Kaspersky


See you tomorrow


nickylarson622
Subject: Re: [Closed] Virus, untrusted connection   Wed 24 Feb 2010 - 21:11

Good evening

When I try to launch Kaspersky I get this error message, even though my connection does not seem to be interrupted.
" Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program. "

Otherwise, here are the MBAM and OTL reports (apparently I caught a trojan in the meantime ...)

PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDocke\RocketDock.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe


========== Modules (SafeList) ==========

MOD - [2010/01/22 19:42:21 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\xav\Desktop\OTL.exe
MOD - [2009/04/10 22:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDocke\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/06 19:31:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/18 16:23:57 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/24 14:46:50 | 000,216,232 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/03/18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006/11/02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/10 19:43:52 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/23 19:37:11 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/05/11 09:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 20:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/04/05 10:37:36 | 000,012,800 | ---- | M] (AsusTek Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\BS_DEF.sys -- (BS_DEF)
DRV - [2009/03/30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/07 16:31:07 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/24 15:18:00 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/06/13 10:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/03 22:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/05/07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/03/21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/14 22:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:26 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/11/16 21:09:46 | 000,195,760 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/15 08:39:26 | 000,206,336 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/09/06 16:45:22 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007/09/06 09:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/08/03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/12/14 23:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 17:23:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/18 17:23:14 | 000,000,000 | ---D | M]

[2009/12/05 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\xav\AppData\Roaming\mozilla\Extensions
[2009/12/05 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\xav\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/02/15 18:47:26 | 000,000,000 | ---D | M] -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions
[2010/01/23 14:43:26 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/01/23 14:43:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/14 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xav\AppData\Roaming\mozilla\Firefox\Profiles\d2ixl1s6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2010/01/24 19:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/01/18 17:23:06 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/18 17:23:06 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/18 17:23:06 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/05 18:05:43 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/01/18 17:23:06 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/18 17:23:06 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDocke\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/18 20:27:28 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/18 20:27:28 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 16:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/02/09 21:49:20 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 21:49:19 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 21:49:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 21:49:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 21:49:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 21:49:07 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/08 23:33:13 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcohda.dll
[2010/02/08 23:33:13 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010/02/08 23:33:13 | 000,057,344 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2010/02/08 23:33:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010/02/08 23:31:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010/02/08 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/02/08 23:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/02/08 23:30:04 | 011,515,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/02/08 23:30:04 | 004,241,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/02/08 23:30:04 | 000,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/02/08 23:30:04 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/02/08 23:30:02 | 014,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/02/08 23:30:02 | 009,333,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/02/08 23:30:02 | 004,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/02/08 23:30:02 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/02/08 23:30:02 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/02/08 23:29:59 | 011,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/02/08 23:29:59 | 001,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/02/08 23:29:59 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod178.dll
[2010/02/08 23:29:59 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/02/08 22:44:48 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/02/04 21:52:04 | 000,000,000 | ---D | C] -- C:\Users\xav\Desktop\RAPPORT DE STAGE FINAL
[2010/01/24 19:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/24 19:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/01/24 19:38:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/24 19:38:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/24 19:38:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/23 19:37:14 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/01/23 19:36:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/01/23 19:36:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/01/23 19:36:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/01/23 19:36:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/01/23 19:36:20 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/01/23 19:36:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/01/23 19:36:20 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/01/23 19:36:19 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/01/23 19:36:19 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/01/23 19:36:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/01/23 19:35:42 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/01/23 19:35:42 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/01/23 19:35:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/01/22 19:42:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/01/22 19:42:17 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\xav\Desktop\OTL.exe
[2010/01/21 22:04:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 22:04:14 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 22:04:14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 22:04:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 22:04:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 22:04:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 22:04:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 22:04:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 22:04:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 22:04:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 22:04:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 22:04:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 22:04:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 22:04:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/20 21:06:43 | 000,000,000 | ---D | C] -- C:\Users\xav\AppData\Roaming\TeamViewer
[2010/01/20 00:19:20 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/01/20 00:17:31 | 001,263,511 | ---- | C] (C_XX) -- C:\Users\xav\Desktop\AD-R.exe
[2010/01/18 20:27:28 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/01/17 14:42:32 | 000,000,000 | ---D | C] -- C:\Users\xav\Desktop\Muse
[2010/01/14 20:41:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/01/13 16:18:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 16:18:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/02/03 03:22:13 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2 C:\Users\xav\Desktop\*.tmp files -> C:\Users\xav\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/14 06:43:52 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/02/12 01:46:51 | 000,108,544 | ---- | M] () -- C:\Users\xav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 22:46:43 | 000,000,680 | ---- | M] () -- C:\Users\xav\AppData\Local\d3d9caps.dat
[2010/01/25 13:00:35 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/01/25 13:00:35 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/01/25 13:00:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/01/25 13:00:22 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/01/25 12:58:52 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/01/25 09:21:20 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/01/25 09:21:20 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/01/25 09:21:18 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/01/25 09:21:18 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/01/24 19:41:15 | 003,932,160 | -HS- | M] () -- C:\Users\xav\NTUSER.DAT
[2010/01/24 18:58:48 | 000,136,784 | ---- | M] () -- C:\Users\xav\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/24 18:58:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/24 18:58:37 | 000,596,760 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/24 18:58:37 | 000,596,760 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/24 18:58:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/24 18:57:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/24 18:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/24 18:57:34 | 000,457,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/24 17:44:21 | 000,524,288 | -HS- | M] () -- C:\Users\xav\NTUSER.DAT{470c5cee-0903-11df-a3cf-00221584cc16}.TMContainer00000000000000000002.regtrans-ms
[2010/01/24 17:44:21 | 000,524,288 | -HS- | M] () -- C:\Users\xav\NTUSER.DAT{470c5cee-0903-11df-a3cf-00221584cc16}.TMContainer00000000000000000001.regtrans-ms
[2010/01/24 17:44:21 | 000,065,536 | -HS- | M] () -- C:\Users\xav\NTUSER.DAT{470c5cee-0903-11df-a3cf-00221584cc16}.TM.blf
[2010/01/23 10:26:13 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/01/22 20:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\xav\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 20:53:07 | 000,065,536 | -HS- | M] () -- C:\Users\xav\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/22 20:52:58 | 001,849,002 | -H-- | M] () -- C:\Users\xav\AppData\Local\IconCache.db
[2010/01/22 20:04:20 | 000,061,399 | ---- | M] () -- C:\Users\xav\Desktop\Nouveau Document Microsoft Office Word.docx
[2010/01/22 19:42:21 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\xav\Desktop\OTL.exe
[2010/01/20 21:06:37 | 002,195,352 | ---- | M] () -- C:\Users\xav\Desktop\TeamViewerQS.exe
[2010/01/20 00:17:34 | 001,263,511 | ---- | M] (C_XX) -- C:\Users\xav\Desktop\AD-R.exe
[2010/01/18 23:52:23 | 000,122,561 | ---- | M] () -- C:\Users\xav\Desktop\Sans titre.jpg
[2010/01/18 20:28:07 | 000,002,013 | ---- | M] () -- C:\UsbFix_Upload_Me_PC-de-xav.zip
[2010/01/18 16:36:26 | 002,624,614 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/01/18 16:36:26 | 000,903,450 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/01/18 16:36:25 | 001,386,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/18 16:36:25 | 000,866,042 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/18 16:36:25 | 000,005,106 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/18 01:00:35 | 000,325,942 | ---- | M] () -- C:\Users\xav\Desktop\Sans titreOMG.png
[2010/01/18 00:47:37 | 000,118,541 | ---- | M] () -- C:\Users\xav\Desktop\axelo.jpg
[2010/01/18 00:26:45 | 000,139,115 | ---- | M] () -- C:\Users\xav\Desktop\axelleeee.jpg
[2010/01/18 00:08:05 | 000,121,576 | ---- | M] () -- C:\Users\xav\Desktop\AXE.jpg
[2010/01/18 00:05:55 | 000,158,615 | ---- | M] () -- C:\Users\xav\Desktop\ax.jpg
[2010/01/17 23:49:33 | 000,123,935 | ---- | M] () -- C:\Users\xav\Desktop\axou.jpg
[2010/01/17 21:47:28 | 003,739,865 | ---- | M] () -- C:\Users\xav\Desktop\038.JPG
[2010/01/17 21:45:29 | 003,699,021 | ---- | M] () -- C:\Users\xav\Desktop\034.JPG
[2010/01/17 15:16:08 | 000,001,150 | ---- | M] () -- C:\Users\xav\AppData\Roaming\QuickZip45.ini
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/06 16:39:38 | 001,696,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/01/06 16:38:47 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/01/06 14:30:41 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/01/02 07:33:32 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 07:33:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 07:32:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 07:32:46 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 07:32:33 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 07:32:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 07:32:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 07:32:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 07:32:32 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 07:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/02 05:57:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/02 05:56:50 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/02 05:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/02 05:55:54 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2 C:\Users\xav\Desktop\*.tmp files -> C:\Users\xav\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/14 06:43:52 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/08 23:46:48 | 000,596,760 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/08 23:37:05 | 000,596,760 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/08 23:30:04 | 000,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/01/24 17:13:37 | 000,524,288 | -HS- | C] () -- C:\Users\xav\NTUSER.DAT{470c5cee-0903-11df-a3cf-00221584cc16}.TMContainer00000000000000000002.regtrans-ms
[2010/01/24 17:13:37 | 000,524,288 | -HS- | C] () -- C:\Users\xav\NTUSER.DAT{470c5cee-0903-11df-a3cf-00221584cc16}.TMContainer00000000000000000001.regtrans-ms
[2010/01/24 17:13:37 | 000,065,536 | -HS- | C] () -- C:\Users\xav\NTUSER.DAT{470c5cee-0903-11df-a3cf-00221584cc16}.TM.blf
[2010/01/22 20:01:56 | 000,061,399 | ---- | C] () -- C:\Users\xav\Desktop\Nouveau Document Microsoft Office Word.docx
[2010/01/20 21:06:34 | 002,195,352 | ---- | C] () -- C:\Users\xav\Desktop\TeamViewerQS.exe
[2010/01/18 23:52:22 | 000,122,561 | ---- | C] () -- C:\Users\xav\Desktop\Sans titre.jpg
[2010/01/18 20:28:07 | 000,002,013 | ---- | C] () -- C:\UsbFix_Upload_Me_PC-de-xav.zip
[2010/01/18 01:00:29 | 000,325,942 | ---- | C] () -- C:\Users\xav\Desktop\Sans titreOMG.png
[2010/01/18 00:47:37 | 000,118,541 | ---- | C] () -- C:\Users\xav\Desktop\axelo.jpg
[2010/01/18 00:26:45 | 000,139,115 | ---- | C] () -- C:\Users\xav\Desktop\axelleeee.jpg
[2010/01/18 00:08:04 | 000,121,576 | ---- | C] () -- C:\Users\xav\Desktop\AXE.jpg
[2010/01/18 00:05:54 | 000,158,615 | ---- | C] () -- C:\Users\xav\Desktop\ax.jpg
[2010/01/17 23:49:32 | 000,123,935 | ---- | C] () -- C:\Users\xav\Desktop\axou.jpg
[2010/01/17 21:46:18 | 003,739,865 | ---- | C] () -- C:\Users\xav\Desktop\038.JPG
[2010/01/17 21:44:29 | 003,699,021 | ---- | C] () -- C:\Users\xav\Desktop\034.JPG
[2009/12/06 17:19:09 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/10/31 16:30:25 | 000,000,331 | ---- | C] () -- C:\Users\xav\AppData\Roaming\burnaware.ini
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/23 09:56:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/23 19:27:51 | 000,000,191 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/05/26 19:27:36 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2009/05/25 21:55:07 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/05/25 21:52:20 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009/04/15 19:06:19 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/03/26 19:56:07 | 000,001,150 | ---- | C] () -- C:\Users\xav\AppData\Roaming\QuickZip45.ini
[2009/02/25 18:15:23 | 000,000,552 | ---- | C] () -- C:\Users\xav\AppData\Local\d3d8caps.dat
[2009/02/09 17:07:21 | 000,108,544 | ---- | C] () -- C:\Users\xav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/07 16:31:07 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/02/07 14:42:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/02/07 14:41:51 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2009/02/02 18:52:18 | 000,000,680 | ---- | C] () -- C:\Users\xav\AppData\Local\d3d9caps.dat
[2008/04/16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3785
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

24/01/2010 19:47:25
mbam-log-2010-01-24 (19-47-25).txt

Type de recherche: Examen rapide
Eléments examinés: 106068
Temps écoulé: 4 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\Temp\TMP0000000D8D044AC03DBF2644 (Trojan.Dropper) -> Quarantined and deleted successfully.
GrosBébé
Subject: Re: [Closed] Virus, uncertified connection   Thu 25 Feb 2010 - 21:25

Hi :)

@GrosBébé wrote:
When you followed the pre-disinfection procedure, you must have used TFC: please run it once.
I was talking about TFC :)

Click here to download TFC (by Old Timer) to your desktop
  • Double-click TFC.exe to launch it
  • Click the Start button and wait a few moments.
  • Once the cleanup is finished, your PC will restart. If it does not, restart it yourself to complete the cleanup

THEN

Since you are having trouble with Kaspersky, please give ESET a try
http://www.bibou0007.com/scans-en-ligne-f75/tutorial-eset-online-scanner-t3691.htm

Have a good evening

GrosBébé
Subject: Re: [Closed] Virus, uncertified connection   Thu 4 Mar 2010 - 13:15

Hi

Still with us?

GrosBébé
Subject: Re: [Closed] Virus, uncertified connection   Tue 9 Mar 2010 - 8:58

Topic closed due to inactivity. If you wish to reopen this topic, request it by PM, stating the reason and the link to this topic. This applies only to nickylarson622. Everyone else, please create your own topic.
