christelsina

Members
  • Content count: 51
  • Days won: 1

Everything posted by christelsina

  1. Hello everyone, here is my problem. Yesterday a page appeared on my computer, supposedly from the national police, telling me that I had visited forbidden sites and that I had to pay. In short, a virus. To regain access to the computer's functions I had to go through safe mode. I then used Malwarebytes, which found 2 infections. When I put the computer back into normal mode, it was Microsoft Security that no longer worked. So I uninstalled it and reinstalled it. It also found 2 trojans: "trojan win32/sirefef.1" and "trojan win32/sirefef.AG". It puts them in quarantine, I ask it to delete them, which it seems to do, but when the computer restarts they are still in quarantine. Last problem: I get an error message telling me that it is impossible to load or run a file and that I must make sure it exists in the specified memory registry c/windows/users/local (after that I don't remember, but if it matters I can provide it by copying the message exactly). So there it is, I have no idea how to get out of this situation. I'm running Windows Vista. Thanks in advance to anyone who can help me. Christelle
  2. No, for now everything seems to be working normally. Thank you very much for your help.
  3. Here is the new report:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6374

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 9.0.8112.16421

     16/04/2011 17:48:00
     mbam-log-2011-04-16 (17-48-00).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 302577
     Time elapsed: 43 minute(s), 35 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\Users\utilisateur\documents\activation office2010\mini-kms_activator_v1.052\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
  4. Here is the report:

     ======= AD-REMOVER 2.0.0.2,G REPORT | XP/VISTA/7 ONLY =======
     Updated by TeamXscript on 12/04/11
     Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
     Website: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF
     C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:22:38 on 16/04/2011, Normal mode
     Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
     Utilisateur@PC-FIXE (System manufacturer System Product Name)

     ============== ACTION(S) ==============

     Folder deleted: C:\Program Files\Mozilla FireFox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
     Folder deleted: C:\Users\Utilisateur\AppData\Local\Conduit
     Folder deleted: C:\Users\Utilisateur\AppData\LocalLow\Conduit
     Folder deleted: C:\Program Files\Conduit
     Folder deleted: C:\Users\Utilisateur\AppData\LocalLow\ConduitEngine
     Folder deleted: C:\Program Files\ConduitEngine
     Folder deleted: C:\Users\Utilisateur\AppData\LocalLow\PriceGong
     Folder deleted: C:\Users\Utilisateur\AppData\LocalLow\ShoppingReport2
     Folder deleted: C:\Program Files\ShoppingReport2

     (!) -- Temporary files deleted.

     Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
     Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
     Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
     Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
     Key deleted: HKLM\Software\Classes\CLSID\{410F54F2-412F-45F9-A0A0-2F91216223AF}
     Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{410F54F2-412F-45F9-A0A0-2F91216223AF}
     Key deleted: HKLM\Software\Classes\CLSID\{C96012EA-ED7B-400A-A2F2-9AB46F88FABD}
     Key deleted: HKLM\Software\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
     Key deleted: HKLM\Software\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
     Key deleted: HKLM\Software\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6}
     Key deleted: HKLM\Software\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}
     Key deleted: HKLM\Software\Classes\Conduit.Engine
     Key deleted: HKLM\Software\Classes\ShoppingReport2.HbAx
     Key deleted: HKLM\Software\Classes\ShoppingReport2.HbAx.1
     Key deleted: HKLM\Software\Classes\ShoppingReport2.HbInfoBand
     Key deleted: HKLM\Software\Classes\ShoppingReport2.HbInfoBand.1
     Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButton
     Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButton.1
     Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButtonA
     Key deleted: HKLM\Software\Classes\ShoppingReport2.IEButtonA.1
     Key deleted: HKLM\Software\Classes\ShoppingReport2.RprtCtrl
     Key deleted: HKLM\Software\Classes\ShoppingReport2.RprtCtrl.1
     Key deleted: HKLM\Software\Classes\Toolbar.CT2849852
     Key deleted: HKLM\Software\Classes\Toolbar.CT2866295
     Key deleted: HKLM\Software\Conduit
     Key deleted: HKLM\Software\conduitEngine
     Key deleted: HKLM\Software\ShoppingReport2
     Key deleted: HKCU\Software\ShoppingReport2
     Key deleted: HKCU\Software\AppDataLow\Toolbar
     Key deleted: HKCU\Software\AppDataLow\Software\Conduit
     Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine
     Key deleted: HKCU\Software\AppDataLow\Software\PriceGong
     Key deleted: HKCU\Software\AppDataLow\Software\ShoppingReport2
     Key deleted: HKCU\Software\AppDataLow\Software\Toolbar
     Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
     Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B06A1FFF-44C4-42E8-B9C5-94D7DAB5253B}
     Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport2
     Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
     Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2
     Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
     Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6}
     Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

     ============== ADDITIONAL SCAN ==============

     **** Mozilla Firefox Version [3.6.13 (fr)] ****

     -- C:\Users\Utilisateur\AppData\Roaming\Mozilla\FireFox\Profiles\y9z72s3z.default --
     Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

     ========================================

     **** Internet Explorer Version [7.0.6002.18005] ****

     HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
     HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
     HKCU_Main|Start Page - hxxp://fr.msn.com/
     HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
     HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
     HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKLM_Main|Start Page - hxxp://fr.msn.com/
     HKLM_URLSearchHooks|{ef79f67a-6ad7-4715-a0f8-932fca442023} - "BittorrentBar_FR Toolbar" (C:\Program Files\BittorrentBar_FR\tbBitt.dll)
     HKCU_Toolbar\WebBrowser|{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} (x)
     HKCU_Toolbar\WebBrowser|{EF79F67A-6AD7-4715-A0F8-932FCA442023} (C:\Program Files\BittorrentBar_FR\tbBitt.dll)
     HKLM_Toolbar|{ef79f67a-6ad7-4715-a0f8-932fca442023} (C:\Program Files\BittorrentBar_FR\tbBitt.dll)
     HKLM_ElevationPolicy\{DDAD690D-8362-460C-AF8F-54442BB68C14} - C:\Program Files\BittorrentBar_FR\BittorrentBar_FRToolbarHelper.exe (?)
     HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
     BHO\{ef79f67a-6ad7-4715-a0f8-932fca442023} - "BittorrentBar_FR Toolbar" (C:\Program Files\BittorrentBar_FR\tbBitt.dll)

     ========================================

     C:\Program Files\Ad-Remover\Quarantine: 72 File(s)
     C:\Program Files\Ad-Remover\Backup: 15 File(s)

     C:\Ad-Report-CLEAN[1].txt - 16/04/2011 14:22:51 (6511 Byte(s))

     End at: 14:23:21, 16/04/2011

     ============== E.O.F ==============
  5. There, I've done the procedure you told me about. The report is here. Cijoint.fr - free file hosting service
  6. Hello, my computer is malfunctioning a bit (it needs to be restarted several times, for example), so I ran an online scan with Panda. It detected many cookies, which I think I deleted, but also a virus and a trojan. As I don't know how to remove them, I'm calling on your expertise. I'm attaching the ActiveScan report:

     ;**********************************************************************
     ANALYSIS: 2011-04-16 13:16:50
     PROTECTIONS: 1
     MALWARE: 26
     SUSPECTS: 0
     ;**********************************************************************
     PROTECTIONS
     Description Version Active Updated
     ;======================================================================
     Microsoft Security Essentials  Yes Yes
     ;======================================================================
     MALWARE
     Id Description Type Active Severity Disinfectable Disinfected Location
     ;======================================================================
     00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@doubleclick[2].txt
     00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@atdmt[1].txt
     00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@247realmedia[2].txt
     00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@fastclick[1].txt
     00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@tribalfusion[2].txt
     00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@mediaplex[1].txt
     00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@xiti[1].txt
     00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@statcounter[2].txt
     00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@ad.yieldmanager[1].txt
     00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@apmebf[1].txt
     00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@serving-sys[2].txt
     00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@weborama[1].txt
     00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\utilisateur@weborama[2].txt
     00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@adtech[2].txt
     00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@server.iad.liveperson[2].txt
     00168116 Cookie/Comclick TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@fl01.ct2.comclick[1].txt
     00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@advertising[1].txt
     00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@overture[2].txt
     00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@questionmarket[1].txt
     00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@metriweb[1].txt
     00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@adultfriendfinder[2].txt
     00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@adviva[2].txt
     00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@smartadserver[2].txt
     00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\utilisateur\appdata\roaming\microsoft\windows\cookies\low\utilisateur@www6.addfreestats[1].txt
     03009106 W32/Xor-encoded.A Virus No 0 Yes No c:\programdata\microsoft\microsoft antimalware\localcopy\{7ff3e236-db8c-9865-8b57-f0d6e058f247}-rdlang_pddom.fra
     07636738 Generic Trojan Virus/Trojan No 0 Yes No c:\users\utilisateur\appdata\local\temp\nsz1c74.tmp\questbrwsearch.dll
     07897380 Adware/OneStep Adware No 0 Yes No c:\users\utilisateur\appdata\local\temp\nsz1c74.tmp\uninstall.exe
     ;======================================================================
     SUSPECTS
     Sent Location
     ;======================================================================
     ;======================================================================
     VULNERABILITIES
     Id Severity Description
     ;======================================================================
     ;======================================================================
  7. Thanks again for everything, I've cleaned it all up. I hope it will be fine from now on.
  8. Well, in the end I'm not sure I've got rid of everything. First of all, Antivir found the rootkit again in c/Avenger, which I suppose is normal. It asks me what I want to do and for now I've just denied access. As for "eset", here is the report:

     C:\Qoobox\Quarantine\[4]-Submit_2010-07-02_18.37.19.zip Win32/Bubnix.AO trojan
     C:\Qoobox\Quarantine\C\Windows\System32\drivers\_dufyvjd_.sys.zip Win32/Bubnix.AO trojan

     You had already told me to delete the Qoobox folder, which I had done. I suppose I need to do it again. Thank you very much for the valuable help you're giving me.
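Two of the reports above show the same pattern. In post 6 the Panda ActiveScan hit for W32/Xor-encoded.A sits under c:\programdata\microsoft\microsoft antimalware\localcopy, and in post 8 the ESET and Antivir hits are inside C:\Qoobox\Quarantine and C:\Avenger, folders where other tools keep copies of what they have already handled. A scanner that only lists detections does not make that distinction, so the first check when triaging such a report is the path: is this a live item, an installer leftover in a temp folder, or a copy another tool already holds? The Python script below is an added example written for this page, not a tool from the thread or from Panda; it parses rows in the ActiveScan MALWARE table layout and sorts them into those buckets. The sample report embedded in it is constructed from entries quoted in post 6 (user name shortened) plus one invented Active row (id 09999999, Rootkit/Example.A, example.sys, all made up); the QUARANTINE_MARKERS list and the bucket names are the example's own assumptions.

```python
"""Triage rows from an antivirus report (Panda ActiveScan MALWARE table layout).

Added example for this page; not Panda's or the forum's code. Buckets:
  cookie            tracking cookie, no executable content
  quarantined-copy  path is inside another product's quarantine store
  temp-leftover     inactive file under a temp folder (installer remnants)
  inactive-file     inactive file elsewhere, worth a look
  live              the scanner reports the item as Active
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Row layout: Id Description Type Active Severity Disinfectable Disinfected Location
# Description may contain spaces ("Generic Trojan", "Cookie/Atlas DMT"), so the
# pattern anchors on the fixed Yes/No and numeric columns that follow it.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<kind>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>\S.*?)\s*$"
)

# Assumption: quarantine stores of the tools that appear in this thread plus a
# few common ones, lower-case with backslash separators. Extend as needed.
QUARANTINE_MARKERS = (
    "\\microsoft antimalware\\localcopy\\",
    "\\qoobox\\quarantine\\",
    "\\avenger\\",
    "\\ad-remover\\quarantine\\",
    "\\malwarebytes' anti-malware\\quarantine\\",
)
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    id: str
    desc: str
    kind: str
    active: bool
    severity: int
    location: str
    bucket: str = ""


def classify(f: Finding) -> str:
    """Decide which bucket a finding belongs to; path checks are case-insensitive."""
    loc = f.location.lower()
    if f.kind == "TrackingCookie":
        return "cookie"
    if any(m in loc for m in QUARANTINE_MARKERS):
        return "quarantined-copy"   # already contained by another tool
    if f.active:
        return "live"
    if any(m in loc for m in TEMP_MARKERS):
        return "temp-leftover"
    return "inactive-file"


def parse_report(text: str) -> list[Finding]:
    """Return the parsed MALWARE rows; headers, separators and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        f = Finding(m["id"], m["desc"], m["kind"], m["active"] == "Yes",
                    int(m["severity"]), m["location"])
        f.bucket = classify(f)
        findings.append(f)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.bucket] = counts.get(f.bucket, 0) + 1
    return counts


def needs_attention(findings: list[Finding]) -> list[Finding]:
    """Everything that is neither a cookie nor a copy another tool already holds."""
    return [f for f in findings if f.bucket in ("live", "temp-leftover", "inactive-file")]


# Constructed sample: rows taken from the ActiveScan report in the thread with the
# user name shortened, plus one invented Active row (made-up detection name and path).
SAMPLE_REPORT = r"""
ANALYSIS: 2011-04-16 13:16:50
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\u\appdata\roaming\microsoft\windows\cookies\low\u@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\u\appdata\roaming\microsoft\windows\cookies\low\u@atdmt[1].txt
03009106 W32/Xor-encoded.A Virus No 0 Yes No c:\programdata\microsoft\microsoft antimalware\localcopy\{7ff3e236-db8c-9865-8b57-f0d6e058f247}-rdlang_pddom.fra
07636738 Generic Trojan Virus/Trojan No 0 Yes No c:\users\u\appdata\local\temp\nsz1c74.tmp\questbrwsearch.dll
07897380 Adware/OneStep Adware No 0 Yes No c:\users\u\appdata\local\temp\nsz1c74.tmp\uninstall.exe
09999999 Rootkit/Example.A Rootkit Yes 3 No No c:\windows\system32\drivers\example.sys
"""

if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for bucket, n in sorted(summarize(rows).items()):
        print(f"{bucket:17s} {n}")
    for f in needs_attention(rows):
        print(f"ATTENTION {f.bucket:14s} {f.desc} ({f.kind}) at {f.location}")
```

On the sample, needs_attention() returns only the two temp-folder leftovers and the invented active driver; the cookie rows and the LocalCopy hit are reported but not escalated. A detection inside another tool's quarantine is a housekeeping item (empty that quarantine or remove the folder, as the thread's helper had already advised for Qoobox), not evidence that the original infection has returned; the reverse caution also applies, since a row marked Active outside any quarantine path is exactly the case the other buckets must not hide.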
  9. Good evening, here is the report. It looks like you managed to disable it, because I scanned the drivers folder with Malwarebytes and Antivir and neither finds anything anymore!

     Logfile of The Avenger Version 2.0, © by Swandog46
     Swandog46's Public Anti-Malware Tools

     Platform: Windows Vista

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     Driver "dufyvjd" disabled successfully.
     Driver "dufyvjd" deleted successfully.
     File "c:\windows\System32\drivers\dufyvjd.sys" deleted successfully.

     Completed script processing.

     *******************

     Finished! Terminate.
  10. OK, everything succeeded. Here is the report:

     ComboFix 10-07-01.02 - christelle 02/07/2010 18:37:38.2.2 - x86
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2003 [GMT 2:00]
     Launched from: c:\users\christelle\Desktop\ComboFix.exe
     Switches used :: c:\users\christelle\Desktop\CFScript.txt
     SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

     file zipped: c:\windows\System32\drivers\dufyvjd.sys
     .
     (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\%appdata%
     c:\windows\System32\drivers\dufyvjd.sys . . . . could not be deleted
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_dufyvjd
     -------\Service_dufyvjd

     ((((((((((((((((((((((((((((( Files created from 2010-06-02 to 2010-07-02 ))))))))))))))))))))))))))))))))))))
     .
     2010-06-26 21:01 . 2010-06-26 21:01 -------- d-----w- c:\program files\Microsoft
     2010-06-26 21:01 . 2010-06-26 21:01 -------- d-----w- c:\program files\Windows Live SkyDrive
     2010-06-26 21:01 . 2010-06-26 21:01 -------- d-----w- c:\program files\Windows Live
     2010-06-26 12:36 . 2010-06-26 12:36 -------- d-----w- C:\_OTL
     2010-06-23 01:00 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
     2010-06-23 01:00 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
     2010-06-23 01:00 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
     2010-06-23 01:00 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
     2010-06-23 01:00 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
     2010-06-22 18:21 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
     2010-06-22 18:21 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
     2010-06-22 12:57 . 2010-06-22 12:57 -------- d-----w- c:\programdata\F-Secure
     2010-06-21 12:04 . 2010-06-21 12:04 -------- d-----w- c:\users\matthieu\AppData\Roaming\Malwarebytes
     2010-06-10 06:02 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
     2010-06-10 06:02 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
     2010-06-10 06:02 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
     2010-06-09 08:28 . 2010-06-09 08:31 -------- d-----w- c:\users\christelle\AppData\Roaming\ArchiFacile
     2010-06-05 19:13 . 2010-06-05 19:13 -------- d-----w- c:\users\matthieu\AppData\Roaming\Media Player Classic
     .
     (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-02 16:09 . 2009-12-28 18:40 -------- d-----w- c:\users\christelle\AppData\Roaming\BitTorrent
     2010-07-01 20:30 . 2009-05-07 21:05 -------- d-----w- c:\programdata\Google Updater
     2010-07-01 18:04 . 2010-07-01 17:57 52736 ----a-w- c:\windows\system32\drivers\rk_remover.sys
     2010-06-29 21:02 . 2010-06-29 21:02 -------- d-----w- c:\program files\ESET
     2010-06-28 15:14 . 2010-02-26 22:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2010-06-28 15:13 . 2010-02-26 22:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2010-06-27 21:31 . 2009-05-09 00:06 -------- d-----w- c:\program files\trend micro
     2010-06-27 19:10 . 2009-03-07 15:50 -------- d-----w- c:\program files\Common Files\aol
     2010-06-27 19:06 . 2009-09-21 15:31 -------- d-----w- c:\program files\AOL 9.0 VR
     2010-06-26 11:39 . 2010-05-28 18:02 -------- d-----w- c:\users\matthieu\AppData\Roaming\BitTorrent
     2010-06-26 11:03 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat
     2010-06-26 11:03 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat
     2010-06-25 21:02 . 2009-03-07 17:35 -------- d-----w- c:\program files\Microsoft.NET
     2010-06-23 17:36 . 2010-05-26 19:59 -------- d-----w- c:\program files\Common Files\Steam
     2010-06-10 18:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
     2010-06-10 18:15 . 2009-03-07 17:33 -------- d-----w- c:\programdata\Microsoft Help
     2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4288\AdobeARM.exe
     2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4288\AdobeExtractFiles.dll
     2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4288\ReaderUpdater.exe
     2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4288\AcrobatUpdater.exe
     2010-06-05 19:13 . 2010-04-10 13:20 -------- d-----w- c:\users\matthieu\AppData\Roaming\DivX
     2010-06-05 07:32 . 2009-03-07 16:56 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-05-28 20:09 . 2010-05-26 15:02 53365 ----a-w- c:\programdata\nvModes.dat
     2010-05-28 20:00 . 2009-03-05 17:22 -------- d-----w- c:\programdata\NVIDIA
     2010-05-26 17:24 . 2010-05-26 17:24 -------- d-----w- c:\program files\Lexmark 2200 Series
     2010-05-26 15:00 . 2010-05-26 14:58 -------- d-----w- c:\program files\NVIDIA Corporation
     2010-05-26 14:05 . 2010-05-26 14:05 -------- d-----w- c:\program files\SystemRequirementsLab
     2010-05-25 20:18 . 2010-05-25 20:18 -------- d-----w- c:\users\christelle\AppData\Roaming\Malwarebytes
     2010-05-25 20:17 . 2010-05-25 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-05-25 20:17 . 2010-05-25 20:17 -------- d-----w- c:\programdata\Malwarebytes
     2010-05-24 22:47 . 2009-12-28 18:40 -------- d-----w- c:\program files\BitTorrent
     2010-05-24 22:41 . 2009-05-07 21:05 -------- d-----w- c:\program files\Google
     2010-05-21 12:14 . 2009-10-02 16:24 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-05-18 20:36 . 2010-05-18 20:31 -------- d-----w- c:\program files\WalterShop.com
     2010-05-16 13:25 . 2010-05-16 13:25 -------- d-----w- c:\users\christelle\AppData\Roaming\Blender Foundation
     2010-05-09 18:18 . 2009-03-25 21:53 106304 ----a-w- c:\users\matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
     2010-05-09 15:22 . 2009-03-05 16:21 106304 ----a-w- c:\users\christelle\AppData\Local\GDIPFONTCACHEV1.DAT
     2010-05-09 15:01 . 2009-03-08 01:29 -------- d-----w- c:\program files\7-Zip
     2010-05-09 15:00 . 2009-07-06 17:05 -------- d-----w- c:\users\christelle\AppData\Roaming\uTorrent
     2010-05-09 08:59 . 2010-05-09 08:59 -------- d-----w- c:\programdata\DivX
     2010-05-04 05:59 . 2010-06-10 06:01 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-04 05:55 . 2010-06-10 06:01 71680 ----a-w- c:\windows\system32\iesetup.dll
     2010-05-04 05:55 . 2010-06-10 06:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
     2010-05-04 04:31 . 2010-06-10 06:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
     2010-05-01 14:13 . 2010-06-10 06:01 2037248 ----a-w- c:\windows\system32\win32k.sys
     2010-04-29 13:39 . 2010-05-25 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 13:39 . 2010-05-25 20:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-27 15:39 . 2010-04-27 15:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2010-04-23 14:13 . 2010-05-25 23:41 2048 ----a-w- c:\windows\system32\tzres.dll
     2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
     2010-04-16 16:43 . 2010-06-22 18:21 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
     2010-04-16 16:43 . 2010-06-22 18:21 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
     2010-04-16 16:43 . 2010-06-22 18:21 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
     2010-04-16 16:43 . 2010-06-22 18:21 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
     .
     ((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2009-11-08 297808]

     [HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
     [HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rappels du Calendrier Microsoft Works.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rappels du Calendrier Microsoft Works.lnk
     backup=c:\windows\pss\Rappels du Calendrier Microsoft Works.lnk.CommonStartup
     backupExtension=.CommonStartup

     [HKLM\~\startupfolder\C:^Users^christelle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lanceur.lnk]
     path=c:\users\christelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk
     backup=c:\windows\pss\Lanceur.lnk.Startup
     backupExtension=.Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
     2007-06-21 11:44 50480 ----a-w- c:\program files\AOL 9.0 VR\aol.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
     2008-08-26 03:18 16986112 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
     2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1253547102\ee\aolsoftware.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
     2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2010-04-03 16:27 110696 ----a-w- c:\windows\System32\nvmctray.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
     2010-05-26 20:00 1238352 ----a-w- d:\program files\steam\Steam.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2009-05-04 16:09 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2009-05-07 21:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
     2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
     2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
     "VistaSp2"=hex(b):28,1f,5b,23,a9,3c,ca,01

     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 135664]
     R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
     R3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2010-07-01 52736]
     R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
     R4 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe [2007-04-25 537520]
     R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
     S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-04-27 108289]
     S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-07-25 870400]

     --- Other Services/Drivers in memory ---

     *NewlyCreated* - DUFYVJD
     *Deregistered* - dufyvjd

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     Contents of the 'Scheduled Tasks' folder

     2010-07-02 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 21:05]

     2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 15:38]

     2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 15:38]
     .
     .
     ------- Additional scan -------
     .
     uStart Page = hxxp://www.google.fr/
     uDefault_Search_URL = hxxp://www.durable.com/recherche
     uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
     mStart Page = hxxp://www.durable.com/recherche
     uSearchAssistant = hxxp://www.durable.com/recherche
     uSearchURL,(Default) = hxxp://www.durable.com/recherche
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
     LSP: c:\windows\system32\wpclsp.dll
     TCP: {02924309-208B-4A6F-91CF-664DF11306EC} = 84.103.237.140 86.64.145.140
     .
     **************************************************************************

     Scanning for hidden processes ...
     Scanning for hidden autostart entries ...
     Scanning for hidden files ...

     Scan completed successfully
     Hidden files:

     **************************************************************************

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dufyvjd]
     .
     ------------------------ Other running processes ------------------------
     .
     c:\windows\system32\AUDIODG.EXE
     c:\program files\Avira\AntiVir Desktop\avguard.exe
     c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     c:\windows\system32\conime.exe
     c:\program files\AOL 9.0 VR\waol.exe
     c:\program files\Windows Media Player\wmpnscfg.exe
     c:\windows\system32\wbem\unsecapp.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\program files\AOL 9.0 VR\shellmon.exe
     c:\windows\servicing\TrustedInstaller.exe
     .
     **************************************************************************
     .
     Completion time: 2010-07-02 18:47:47 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-07-02 16:47

     Pre-Run: 41 192 067 072 bytes free
     Post-Run: 40 907 784 192 bytes free

     Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
     - - End Of File - - 61820F2992DF116F190F6E88FC2C1D5E

     Upload succeeded
  11. I can't carry out the procedure: as soon as I drag the file onto combofix, the program stops and a message tells me there is a problem and that Windows is going to close this program! Oh, and another new development: I have just re-enabled the antivirus while waiting for your reply, and now it detects a "virus" in combofix!: "Dans le fichier 'C:\Users\christelle\Desktop\ComboFix.exe' un virus ou un programme indésirable 'TR/Crypt.ULPM.Gen' [trojan] a été détecté. Action exécutée : Refuser l'accès" What a joke!
  12. Good evening, fate really has it in for me! I can't get to the end of the procedure you gave me: when I start the scan, a blue screen appears. I don't have time to read it, but roughly it seems that Windows shuts down to avoid damaging the computer. I made two attempts with the same result: the machine stops and restarts. Here is what I was able to recover, but I don't know whether it will be useful to you. Should I continue the procedure with combofix? So I stopped there. This report was placed on the desktop under the name rk_remover_debug_log.txt:

.\main.cpp(4298) : Debug log started at 01.07.2010 - 18:04:44
.\main.cpp(4299) : Program Version: 1.7.5.1
.\main.cpp(4303) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\main.cpp(4311) : ---------------------------------------
.\service.cpp(90) : Creating service...
.\service.cpp(109) : Allready exists
.\service.cpp(128) : Starting service...
.\service.cpp(131) : OK
.\service.cpp(22) : Opening '\\.\Global\tdrmvr'...
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet001\Services'...
.\driver.cpp(406) : ZwOpenKey() fails, status: 0xc0000001
.\driver.cpp(458) : ScanRegistryKey(): 1664 objects found
.\main.cpp(1137) : RegOpenKey() fails, error: 0x0000001f
.\main.cpp(1138) : Can't open key 'SYSTEM\ControlSet001\Services\dufyvjd'
.\main.cpp(1106) : CheckForHiddenRegistryKeys() Blocked key: '\Registry\Machine\SYSTEM\ControlSet001\Services\dufyvjd'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\dufyvjd'
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet002\Services'...
.\driver.cpp(406) : ZwOpenKey() fails, status: 0xc0000001
.\driver.cpp(458) : ScanRegistryKey(): 1341 objects found
.\main.cpp(1137) : RegOpenKey() fails, error: 0x0000001f
.\main.cpp(1138) : Can't open key 'SYSTEM\ControlSet002\Services\dufyvjd'
.\main.cpp(1106) : CheckForHiddenRegistryKeys() Blocked key: '\Registry\Machine\SYSTEM\ControlSet002\Services\dufyvjd'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\dufyvjd'
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\Windows\system32'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x82081962 => 0x88797962)
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x820819cf => 0x887979cf)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x820e40dc => 0x887fa0dc
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x88797962 => 0x82081962)
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x887979cf => 0x820819cf)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x887fa0dc => 0x820e40dc
.\driver.cpp(715) : ScanDirectory(): 2624 objects found
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0'
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0'
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\Windows\system32\drivers'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x82081962 => 0x88797962)
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x820819cf => 0x887979cf)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x820e40dc => 0x887fa0dc
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x88797962 => 0x82081962)
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x887979cf => 0x820819cf)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x887fa0dc => 0x820e40dc
.\driver.cpp(715) : ScanDirectory(): 281 objects found
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\Windows\system32\drivers\dufyvjd.sys'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\Windows\system32\drivers\dufyvjd.sys'
.\main.cpp(1197) : Scanning for hidden drivers...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x82081962 => 0x88797962)
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x820819cf => 0x887979cf)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x820e40dc => 0x887fa0dc
  13. Here is the OTL report. Otherwise, if I run a scan of the folder with antivir, it still tells me that the rootkit is present and that it cannot remove it.

All processes killed
========== FILES ==========
File move failed. C:\Windows\System32\drivers\dufyvjd.sys scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
Error: No service named dufyvjd was found to stop!
Service\Driver key dufyvjd not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dufyvjd\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christelle
->Temp folder emptied: 28672406 bytes
->Temporary Internet Files folder emptied: 79690480 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2279 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matthieu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2147761 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 105,00 mb

[EMPTYFLASH]

User: All Users

User: christelle
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: matthieu
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.7.0 log created on 06302010_160224
  14. So, I scanned my computer with eset and it found nothing. As a result, no file was generated, so I can't post anything. I don't understand any of it, especially since Antivir detected the rootkit again yesterday at 11 pm. Here is the report generated by the antivirus; maybe it can help. Otherwise, the PC no longer crashes, and I haven't had any more of the startup problems that I had to repair with the Vista CD. Antivir report:

Avira AntiVir Personal
Date de création du fichier de rapport : mardi 29 juin 2010 22:59

La recherche porte sur 2276624 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows Vista
Version de Windows : (Service Pack 2) [6.0.6002]
Mode Boot : Démarré normalement
Identifiant : christelle
Nom de l'ordinateur : PC-DE-CHRISTELL

Informations de version :
BUILD.DAT : 9.0.0.77 Bytes 09/06/2010 12:01:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 27/04/2010 15:39:10
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 15:39:10
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 15:39:10
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 15:39:10
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 15:39:10
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 15:39:10
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 15:39:10
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 22:19:50
VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 22:19:50
VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 22:19:50
VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 22:19:50
VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 22:19:50
VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 22:19:50
VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 22:19:50
VBASE013.VDF : 7.10.8.37 270336 Bytes 10/06/2010 22:19:45
VBASE014.VDF : 7.10.8.69 138752 Bytes 14/06/2010 04:43:46
VBASE015.VDF : 7.10.8.102 130560 Bytes 16/06/2010 10:12:57
VBASE016.VDF : 7.10.8.135 152064 Bytes 21/06/2010 07:42:51
VBASE017.VDF : 7.10.8.163 432128 Bytes 23/06/2010 07:42:54
VBASE018.VDF : 7.10.8.194 133632 Bytes 27/06/2010 07:43:03
VBASE019.VDF : 7.10.8.195 2048 Bytes 27/06/2010 07:43:03
VBASE020.VDF : 7.10.8.196 2048 Bytes 27/06/2010 07:43:03
VBASE021.VDF : 7.10.8.197 2048 Bytes 27/06/2010 07:43:03
VBASE022.VDF : 7.10.8.198 2048 Bytes 27/06/2010 07:43:04
VBASE023.VDF : 7.10.8.199 2048 Bytes 27/06/2010 07:43:04
VBASE024.VDF : 7.10.8.200 2048 Bytes 27/06/2010 07:43:04
VBASE025.VDF : 7.10.8.201 2048 Bytes 27/06/2010 07:43:04
VBASE026.VDF : 7.10.8.202 2048 Bytes 27/06/2010 07:43:04
VBASE027.VDF : 7.10.8.203 2048 Bytes 27/06/2010 07:43:04
VBASE028.VDF : 7.10.8.204 2048 Bytes 27/06/2010 07:43:04
VBASE029.VDF : 7.10.8.205 2048 Bytes 27/06/2010 07:43:04
VBASE030.VDF : 7.10.8.206 2048 Bytes 27/06/2010 07:43:04
VBASE031.VDF : 7.10.8.211 75776 Bytes 28/06/2010 07:43:05
Version du moteur : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 27/04/2010 15:39:10
AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 24/06/2010 07:43:02
AESCN.DLL : 8.1.6.1 127347 Bytes 13/05/2010 15:49:15
AESBX.DLL : 8.1.3.1 254324 Bytes 27/04/2010 15:39:10
AERDL.DLL : 8.1.4.6 541043 Bytes 27/04/2010 15:39:10
AEPACK.DLL : 8.2.2.5 430453 Bytes 24/06/2010 07:43:01
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 13/05/2010 15:49:14
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 24/06/2010 07:43:00
AEHELP.DLL : 8.1.11.6 242038 Bytes 24/06/2010 07:42:57
AEGEN.DLL : 8.1.3.12 377204 Bytes 24/06/2010 07:42:57
AEEMU.DLL : 8.1.2.0 393588 Bytes 27/04/2010 15:39:10
AECORE.DLL : 8.1.15.3 192886 Bytes 13/05/2010 15:49:13
AEBB.DLL : 8.1.1.0 53618 Bytes 27/04/2010 15:39:10
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 27/04/2010 15:39:10
AVREP.DLL : 8.0.0.7 159784 Bytes 27/04/2010 15:39:10
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 27/04/2010 15:39:10
RCTEXT.DLL : 9.0.73.0 88321 Bytes 27/04/2010 15:39:10

Configuration pour la recherche actuelle :
Nom de la tâche...............................: ShlExt
Fichier de configuration......................: C:\Users\CHRIST~1\AppData\Local\Temp\e5deaad3.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: arrêt
Recherche en cours sur l'enregistrement.......: arrêt
Recherche de Rootkits.........................: arrêt
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Sélection de fichiers intelligente
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,

Début de la recherche : mardi 29 juin 2010 22:59

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\Windows\System32\drivers'
C:\Windows\System32\drivers\dufyvjd.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[AVERTISSEMENT] Impossible d'ouvrir le fichier !

Début de la désinfection :
C:\Windows\System32\drivers\dufyvjd.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[AVERTISSEMENT] Fichier ignoré.

Fin de la recherche : mardi 29 juin 2010 23:00
Temps nécessaire: 00:04 Minute(s)

La recherche a été effectuée intégralement

5 Les répertoires ont été contrôlés
370 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
368 Fichiers non infectés
0 Les archives ont été contrôlées
1 Avertissements
0 Consignes
  15. I did not find "LAN Settings"; there was "Settings" and "network settings". In both cases the "use a proxy..." box was unchecked. My PC has not crashed since, but the rootkit is still present. Here is the OTL report:
All processes killed ========== FILES ========== c:\users\christelle\AppData\Local\2538050977.dat moved successfully. c:\programdata\Google\Google Toolbar\Update\gtb3FE1.tmp.exe moved successfully. File\Folder c:\users\CHRIST~1\AppData\Local\Temp\xmlAF32.tmp not found. ========== SERVICES/DRIVERS ========== Error: No service named dufyvjd was found to stop! Service\Driver key dufyvjd not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dufyvjd\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: christelle ->Temp folder emptied: 40319 bytes ->Temporary Internet Files folder emptied: 41455254 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3627 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: matthieu ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2117601 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 42,00 mb [EMPTYFLASH] User: All Users User: christelle ->Flash cache emptied: 0 bytes User: Default User: Default User User: matthieu ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully OTL by OldTimer - Version 3.2.7.0 log created on 06292010_173411
  16. Thank you so much for all the time you have taken to help me. Christelle
  17. Here is the ComboFix report:
ComboFix 10-06-27.06 - christelle 28/06/2010 17:26:57.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2186 [GMT 2:00] Lancé depuis: c:\users\christelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7LDQMO9\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\christelle\AUTORUN.INF c:\windows\system32\%appdata% c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . impossible à supprimer . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_WinSvc ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-28 au 2010-06-28 )))))))))))))))))))))))))))))))))))) . 2010-06-28 15:30 . 2010-06-28 15:32 -------- d-----w- c:\users\christelle\AppData\Local\temp 2010-06-28 15:30 . 2010-06-28 15:30 -------- d-----w- c:\users\matthieu\AppData\Local\temp 2010-06-26 21:01 . 2010-06-26 21:01 -------- d-----w- c:\program files\Microsoft 2010-06-26 21:01 . 2010-06-26 21:01 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-06-26 21:01 . 2010-06-26 21:01 -------- d-----w- c:\program files\Windows Live 2010-06-26 12:36 . 2010-06-26 12:36 -------- d-----w- C:\_OTL 2010-06-23 01:00 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-23 01:00 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 01:00 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 01:00 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 01:00 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-22 18:21 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-06-22 18:21 . 
2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-22 12:57 . 2010-06-22 12:57 -------- d-----w- c:\programdata\F-Secure 2010-06-21 12:04 . 2010-06-21 12:04 -------- d-----w- c:\users\matthieu\AppData\Roaming\Malwarebytes 2010-06-10 06:02 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-10 06:02 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-06-10 06:02 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-06-09 08:28 . 2010-06-09 08:31 -------- d-----w- c:\users\christelle\AppData\Roaming\ArchiFacile 2010-06-05 19:13 . 2010-06-05 19:13 -------- d-----w- c:\users\matthieu\AppData\Roaming\Media Player Classic 2010-05-31 19:47 . 2010-05-31 20:16 -------- d-----w- c:\users\christelle\AdSigner . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-28 15:14 . 2010-02-26 22:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-28 15:13 . 2010-02-26 22:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-06-27 21:31 . 2009-05-09 00:06 -------- d-----w- c:\program files\trend micro 2010-06-27 19:10 . 2009-03-07 15:50 -------- d-----w- c:\program files\Common Files\aol 2010-06-27 19:06 . 2009-09-21 15:31 -------- d-----w- c:\program files\AOL 9.0 VR 2010-06-27 16:26 . 2009-05-07 21:05 -------- d-----w- c:\programdata\Google Updater 2010-06-27 11:27 . 2009-12-28 18:40 -------- d-----w- c:\users\christelle\AppData\Roaming\BitTorrent 2010-06-26 11:39 . 2010-05-28 18:02 -------- d-----w- c:\users\matthieu\AppData\Roaming\BitTorrent 2010-06-26 11:03 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-26 11:03 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-25 21:02 . 2009-03-07 17:35 -------- d-----w- c:\program files\Microsoft.NET 2010-06-23 17:36 . 2010-05-26 19:59 -------- d-----w- c:\program files\Common Files\Steam 2010-06-10 18:30 . 
2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-10 18:15 . 2009-03-07 17:33 -------- d-----w- c:\programdata\Microsoft Help 2010-06-05 19:13 . 2010-04-10 13:20 -------- d-----w- c:\users\matthieu\AppData\Roaming\DivX 2010-06-05 07:32 . 2009-03-07 16:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-28 20:09 . 2010-05-26 15:02 53365 ----a-w- c:\programdata\nvModes.dat 2010-05-28 20:00 . 2009-03-05 17:22 -------- d-----w- c:\programdata\NVIDIA 2010-05-26 17:24 . 2010-05-26 17:24 -------- d-----w- c:\program files\Lexmark 2200 Series 2010-05-26 15:00 . 2010-05-26 14:58 -------- d-----w- c:\program files\NVIDIA Corporation 2010-05-26 14:05 . 2010-05-26 14:05 -------- d-----w- c:\program files\SystemRequirementsLab 2010-05-25 20:18 . 2010-05-25 20:18 -------- d-----w- c:\users\christelle\AppData\Roaming\Malwarebytes 2010-05-25 20:17 . 2010-05-25 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-25 20:17 . 2010-05-25 20:17 -------- d-----w- c:\programdata\Malwarebytes 2010-05-24 22:47 . 2009-12-28 18:40 -------- d-----w- c:\program files\BitTorrent 2010-05-24 22:41 . 2009-05-07 21:05 -------- d-----w- c:\program files\Google 2010-05-24 17:35 . 2010-05-24 17:34 213 --s-a-w- c:\users\christelle\AppData\Local\2538050977.dat 2010-05-21 12:14 . 2009-10-02 16:24 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-18 20:36 . 2010-05-18 20:31 -------- d-----w- c:\program files\WalterShop.com 2010-05-16 13:25 . 2010-05-16 13:25 -------- d-----w- c:\users\christelle\AppData\Roaming\Blender Foundation 2010-05-09 18:18 . 2009-03-25 21:53 106304 ----a-w- c:\users\matthieu\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-09 15:22 . 2009-03-05 16:21 106304 ----a-w- c:\users\christelle\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-09 15:01 . 2009-03-08 01:29 -------- d-----w- c:\program files\7-Zip 2010-05-09 15:00 . 2009-07-06 17:05 -------- d-----w- c:\users\christelle\AppData\Roaming\uTorrent 2010-05-09 08:59 . 
2010-05-09 08:59 -------- d-----w- c:\programdata\DivX 2010-05-04 05:59 . 2010-06-10 06:01 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-10 06:01 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-10 06:01 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 06:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 06:01 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 13:39 . 2010-05-25 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2010-05-25 20:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 15:39 . 2010-04-27 15:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-23 14:13 . 2010-05-25 23:41 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll 2010-04-16 16:43 . 2010-06-22 18:21 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43 . 2010-06-22 18:21 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43 . 2010-06-22 18:21 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-04-16 16:43 . 2010-06-22 18:21 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-04-09 15:37 . 2010-04-09 15:37 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3FE1.tmp.exe 2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll 2010-04-03 16:27 . 2010-04-03 16:27 66664 ----a-w- c:\windows\system32\nvshext.dll 2010-04-03 16:27 . 2010-04-03 16:27 1515624 ----a-w- c:\windows\system32\nvsvcr.dll 2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll 2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-04-02 14:54 . 2009-03-05 16:23 600680 ----a-w- c:\windows\system32\NVUNINST.EXE 2010-03-30 18:34 . 
2009-03-05 16:21 1356 ----a-w- c:\users\christelle\AppData\Local\d3d9caps.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2009-11-08 297808] [HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}] [HKEY_CLASSES_ROOT\IEToolbar.Toolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rappels du Calendrier Microsoft Works.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rappels du Calendrier Microsoft Works.lnk backup=c:\windows\pss\Rappels du Calendrier Microsoft Works.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^christelle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lanceur.lnk] path=c:\users\christelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk backup=c:\windows\pss\Lanceur.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] 2007-06-21 11:44 50480 ----a-w- c:\program files\AOL 9.0 VR\aol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck] 2008-08-26 03:18 16986112 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1253547102\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-04-03 16:27 110696 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-05-26 20:00 1238352 ----a-w- d:\program files\steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-05-04 16:09 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-05-07 21:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI] 2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):28,1f,5b,23,a9,3c,ca,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 135664] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe [2007-04-25 537520] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-04-27 108289] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-07-25 870400] --- Autres Services/Pilotes en mémoire --- *Deregistered* - dufyvjd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-06-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 21:05] 2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 15:38] 2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 15:38] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://www.durable.com/recherche uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms} mStart Page = hxxp://www.durable.com/recherche uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.durable.com/recherche uSearchURL,(Default) = hxxp://www.durable.com/recherche IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-hsfe8owijfisjhgs7ye39gjsoighsd7y3eu - c:\users\christelle\AppData\Local\Temp\khfn6bomha.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-uTorrent - d:\program files\uTorrent.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-28 17:32 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\users\CHRIST~1\AppData\Local\Temp\xmlAF32.tmp 213 bytes Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dufyvjd] . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\AUDIODG.EXE c:\windows\system32\conime.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\AOL 9.0 VR\waol.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Heure de fin: 2010-06-28 17:35:50 - La machine a redémarré ComboFix-quarantined-files.txt 2010-06-28 15:35 Avant-CF: 42 348 793 856 octets libres Après-CF: 42 135 150 592 octets libres Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 - - End Of File - - CD6D4AA8D08CC320A8116719FE6274B0
  18. There is no yellow triangle and no ADS file. As for the original problems, nothing has changed. I scanned the folder with Malwarebytes and AntiVir; the rootkit is still there and, after restarting the computer, it has not been removed. Here is the OTL report:
OTL logfile created on: 27/06/2010 23:35:10 - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\christelle\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 39,10 Gb Free Space | 40,04% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 166,75 Gb Free Space | 83,19% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-DE-CHRISTELL Current User Name: christelle Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe PRC - [2010/04/27 17:39:10 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/04/27 17:39:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 08:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2007/06/21 13:44:34 | 000,054,576 | ---- | M] (AOL) -- C:\Program Files\AOL 9.0 VR\shellmon.exe PRC - [2007/05/24 10:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe PRC - [2007/04/02 14:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe PRC - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2006/09/26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1253547102\ee\aolsoftware.exe ========== Modules (SafeList) ========== MOD - [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2007/05/24 09:55:02 | 000,006,144 | ---- | M] (AOL, LLC.) 
-- C:\Program Files\AOL 9.0 VR\idleproc.dll MOD - [2003/08/13 03:17:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (WinSvc) SRV - [2010/06/18 20:29:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/04/27 17:39:10 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/04/27 17:39:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/04/25 14:18:48 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device) SRV - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - [2010/04/27 17:39:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/04/27 17:39:10 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/04/04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/07/25 14:09:50 | 000,870,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2008/03/25 23:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/13 19:30:39 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/11/30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Recherche écologique sur Durable.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Recherche écologique sur Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/06/27 21:28:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VR\AOL.EXE (AOL)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.virustraq.com/img/scan_virus/webscan.cab (WScanCtl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\christelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\christelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 21:21:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/26 23:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/26 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/26 23:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/26 14:36:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/26 12:49:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe
[2010/06/26 10:09:09 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\RIMG0226
[2010/06/26 10:07:35 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\RIMG0219
[2010/06/23 03:00:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/23 03:00:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/23 03:00:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/22 20:21:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/22 20:21:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/22 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/06/20 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\EDTélèves
[2010/06/18 18:14:33 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06
[2010/06/16 21:31:31 | 000,000,000 | --SD | C] -- C:\Users\christelle\Documents\Mes sources de données
[2010/06/11 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06
[2010/06/10 08:02:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/10 08:02:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/10 08:02:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 08:01:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/10 08:01:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/10 08:01:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/10 08:01:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/10 08:01:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/10 08:01:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/10 08:01:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/10 08:01:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/10 08:01:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/10 08:01:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/10 08:01:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/10 08:01:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/10 08:01:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/10 08:01:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/10 08:01:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/10 08:01:37 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/09 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\christelle\AppData\Roaming\ArchiFacile
[2010/06/08 18:02:32 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed
[2010/06/03 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES
[2010/05/31 21:47:13 | 000,000,000 | ---D | C] -- C:\Users\christelle\AdSigner
[2010/05/26 19:24:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBVhcp.dll
[2007/04/04 12:40:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbvpmui.dll
[2007/04/04 12:39:22 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbvserv.dll
[2007/04/04 12:34:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomm.dll
[2007/04/04 12:32:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbvlmpm.dll
[2007/04/04 12:31:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbviesc.dll
[2007/04/04 12:29:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbvpplc.dll
[2007/04/04 12:28:44 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomc.dll
[2007/04/04 12:28:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbvprox.dll
[2007/04/04 12:22:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbvinpa.dll
[2007/04/04 12:21:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbvusb1.dll
[2007/04/04 12:18:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbvhbn3.dll

========== Files - Modified Within 30 Days ==========

[2010/06/27 23:35:52 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\dufyvjd.sys
[2010/06/27 23:35:08 | 010,223,616 | -HS- | M] () -- C:\Users\christelle\ntuser.dat
[2010/06/27 23:31:17 | 000,001,874 | ---- | M] () -- C:\Users\christelle\Desktop\HijackThis.lnk
[2010/06/27 23:29:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 23:29:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 23:29:23 | 000,053,365 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/27 22:53:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/27 21:44:57 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/27 21:34:43 | 000,284,915 | ---- | M] () -- C:\Users\christelle\Desktop\gmer.zip
[2010/06/27 21:32:14 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/27 21:30:03 | 000,000,576 | ---- | M] () -- C:\Windows\win.ini
[2010/06/27 21:29:56 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/27 21:29:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/27 21:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/27 21:28:43 | 000,524,288 | -HS- | M] () -- C:\Users\christelle\ntuser.dat{2b29ccfc-f2ec-11de-b8ad-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:28:43 | 000,065,536 | -HS- | M] () -- C:\Users\christelle\ntuser.dat{2b29ccfc-f2ec-11de-b8ad-00038a000015}.TM.blf
[2010/06/27 21:28:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/06/27 21:15:21 | 373,209,258 | ---- | M] () -- C:\Users\christelle\Desktop\base registre.reg
[2010/06/27 21:04:24 | 002,248,417 | -H-- | M] () -- C:\Users\christelle\AppData\Local\IconCache.db
[2010/06/27 15:15:12 | 002,294,857 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_3.skp
[2010/06/27 12:08:55 | 000,001,809 | ---- | M] () -- C:\Users\christelle\Documents\défautdelivre.eml
[2010/06/26 20:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Registry Winner Schedule.job
[2010/06/26 13:03:25 | 001,513,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/26 13:03:25 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/06/26 13:03:25 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/26 13:03:25 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/06/26 13:03:25 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe
[2010/06/26 10:09:09 | 006,206,040 | ---- | M] () -- C:\Users\christelle\Documents\RIMG0226.zip
[2010/06/26 10:07:35 | 006,214,674 | ---- | M] () -- C:\Users\christelle\Documents\RIMG0219.zip
[2010/06/24 00:23:25 | 000,002,687 | ---- | M] () -- C:\Users\christelle\Desktop\Microsoft Office Word 2007.lnk
[2010/06/21 00:20:20 | 000,064,307 | ---- | M] () -- C:\Users\christelle\Documents\TROP_FORT1.pdf
[2010/06/20 20:40:58 | 000,944,350 | ---- | M] () -- C:\Users\christelle\Documents\quentin.skp
[2010/06/20 20:13:04 | 000,482,513 | ---- | M] () -- C:\Users\christelle\Documents\EDTélèves.zip
[2010/06/20 17:27:31 | 000,058,368 | ---- | M] () -- C:\Users\christelle\Documents\Fiche profs mardi.doc
[2010/06/18 18:14:33 | 000,568,157 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06.zip
[2010/06/18 01:09:30 | 000,000,664 | RHS- | M] () -- C:\Users\christelle\ntuser.pol
[2010/06/18 01:06:02 | 000,006,460 | ---- | M] () -- C:\Users\christelle\Documents\élèves inscrits.odt
[2010/06/16 19:19:09 | 004,321,386 | ---- | M] () -- C:\Users\christelle\Documents\Maison Camille.skp
[2010/06/16 15:08:59 | 066,594,580 | ---- | M] () -- C:\Users\christelle\Documents\Maisons Camille et Quentin.skp
[2010/06/14 23:03:37 | 000,060,273 | ---- | M] () -- C:\Users\christelle\Documents\organisationsemainederévision.pdf
[2010/06/14 19:56:16 | 046,778,819 | ---- | M] () -- C:\Users\christelle\Documents\1.skb
[2010/06/14 19:54:37 | 066,614,278 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Maison Camille.skp
[2010/06/13 20:36:32 | 063,450,158 | ---- | M] () -- C:\Users\christelle\Documents\Maison Camille.skb
[2010/06/13 18:07:27 | 000,010,389 | ---- | M] () -- C:\Users\christelle\Documents\ne de révisions Christelle.odt
[2010/06/13 12:04:46 | 031,542,335 | ---- | M] () -- C:\Users\christelle\Documents\0.skb
[2010/06/13 11:58:22 | 032,630,210 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sketchup 4.skp
[2010/06/12 23:40:17 | 027,832,074 | ---- | M] () -- C:\Users\christelle\Documents\Sketchup 4.skp
[2010/06/12 11:50:42 | 000,000,000 | ---- | M] () -- C:\Users\christelle\Desktop\0.skb
[2010/06/12 11:44:58 | 021,145,675 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_2.skp
[2010/06/12 10:47:55 | 006,877,421 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_1.skp
[2010/06/11 23:15:47 | 000,267,656 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06.zip
[2010/06/11 21:17:34 | 055,713,681 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre.skp
[2010/06/11 19:38:59 | 000,022,016 | ---- | M] () -- C:\Users\christelle\Documents\Akim.doc
[2010/06/10 20:31:49 | 000,387,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 10:42:20 | 000,001,498 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010/06/08 18:02:32 | 000,293,385 | ---- | M] () -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed.zip
[2010/06/04 18:20:12 | 000,049,664 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR07.06.doc
[2010/06/04 18:19:41 | 000,493,568 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°104ChallengeDavini.doc
[2010/06/03 22:42:56 | 000,067,584 | ---- | M] () -- C:\Users\christelle\Documents\Fichedevoeux.doc
[2010/06/03 22:42:34 | 000,178,197 | ---- | M] () -- C:\Users\christelle\Documents\Fichedevoeux.pdf
[2010/06/03 21:29:08 | 000,000,214 | ---- | M] () -- C:\Users\christelle\Desktop\Ricochet Infinity.url
[2010/06/03 18:31:41 | 000,863,673 | ---- | M] () -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES.zip
[2010/06/03 18:25:19 | 000,714,752 | ---- | M] () -- C:\Users\christelle\Documents\Etupensidifareunbruttolavoro.pps
[2010/06/01 20:39:20 | 000,081,408 | ---- | M] () -- C:\Users\christelle\Documents\Résultats3°.xls

========== Files Created - No Company Name ==========

[2010/06/27 23:31:17 | 000,001,874 | ---- | C] () -- C:\Users\christelle\Desktop\HijackThis.lnk
[2010/06/27 21:44:57 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/27 21:37:16 | 000,293,376 | ---- | C] () -- C:\Users\christelle\Desktop\gmer.exe
[2010/06/27 21:34:33 | 000,284,915 | ---- | C] () -- C:\Users\christelle\Desktop\gmer.zip
[2010/06/27 21:19:27 | 000,157,696 | ---- | C] () -- C:\Users\christelle\Documents\ERUNT.EXE
[2010/06/27 21:19:19 | 000,157,696 | ---- | C] () -- C:\Users\christelle\Desktop\ERUNT.EXE
[2010/06/27 21:19:19 | 000,140,288 | ---- | C] () -- C:\Users\christelle\Desktop\NTREGOPT.EXE
[2010/06/27 21:19:19 | 000,038,912 | ---- | C] () -- C:\Users\christelle\Desktop\AUTOBACK.EXE
[2010/06/27 21:19:19 | 000,001,960 | ---- | C] () -- C:\Users\christelle\Desktop\NTREGOPT.LOC
[2010/06/27 21:15:04 | 373,209,258 | ---- | C] () -- C:\Users\christelle\Desktop\base registre.reg
[2010/06/27 15:15:12 | 002,294,857 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_3.skp
[2010/06/26 10:07:59 | 006,206,040 | ---- | C] () -- C:\Users\christelle\Documents\RIMG0226.zip
[2010/06/26 10:06:22 | 006,214,674 | ---- | C] () -- C:\Users\christelle\Documents\RIMG0219.zip
[2010/06/21 00:20:17 | 000,064,307 | ---- | C] () -- C:\Users\christelle\Documents\TROP_FORT1.pdf
[2010/06/20 20:40:57 | 000,944,350 | ---- | C] () -- C:\Users\christelle\Documents\quentin.skp
[2010/06/20 20:12:57 | 000,482,513 | ---- | C] () -- C:\Users\christelle\Documents\EDTélèves.zip
[2010/06/20 17:27:31 | 000,058,368 | ---- | C] () -- C:\Users\christelle\Documents\Fiche profs mardi.doc
[2010/06/18 18:14:19 | 000,568,157 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06.zip
[2010/06/18 01:05:51 | 000,006,460 | ---- | C] () -- C:\Users\christelle\Documents\élèves inscrits.odt
[2010/06/16 15:08:20 | 066,594,580 | ---- | C] () -- C:\Users\christelle\Documents\Maisons Camille et Quentin.skp
[2010/06/14 23:03:35 | 000,060,273 | ---- | C] () -- C:\Users\christelle\Documents\organisationsemainederévision.pdf
[2010/06/14 19:55:53 | 063,450,158 | ---- | C] () -- C:\Users\christelle\Documents\Maison Camille.skb
[2010/06/14 19:55:53 | 046,778,819 | ---- | C] () -- C:\Users\christelle\Documents\1.skb
[2010/06/14 19:54:10 | 066,614,278 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Maison Camille.skp
[2010/06/13 20:35:55 | 004,321,386 | ---- | C] () -- C:\Users\christelle\Documents\Maison Camille.skp
[2010/06/13 18:07:26 | 000,010,389 | ---- | C] () -- C:\Users\christelle\Documents\ne de révisions Christelle.odt
[2010/06/13 12:03:27 | 031,542,335 | ---- | C] () -- C:\Users\christelle\Documents\0.skb
[2010/06/13 11:23:48 | 032,630,210 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sketchup 4.skp
[2010/06/12 23:39:50 | 027,832,074 | ---- | C] () -- C:\Users\christelle\Documents\Sketchup 4.skp
[2010/06/12 11:50:42 | 000,000,000 | ---- | C] () -- C:\Users\christelle\Desktop\0.skb
[2010/06/12 11:19:04 | 021,145,675 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_2.skp
[2010/06/12 10:39:36 | 006,877,421 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_1.skp
[2010/06/11 23:15:43 | 000,267,656 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06.zip
[2010/06/11 19:38:59 | 000,022,016 | ---- | C] () -- C:\Users\christelle\Documents\Akim.doc
[2010/06/11 17:39:46 | 055,713,681 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre.skp
[2010/06/09 10:42:20 | 000,001,498 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010/06/08 18:02:27 | 000,293,385 | ---- | C] () -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed.zip
[2010/06/04 18:20:11 | 000,049,664 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR07.06.doc
[2010/06/04 18:19:35 | 000,493,568 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°104ChallengeDavini.doc
[2010/06/03 22:42:33 | 000,178,197 | ---- | C] () -- C:\Users\christelle\Documents\Fichedevoeux.pdf
[2010/06/03 18:31:30 | 000,863,673 | ---- | C] () -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES.zip
[2010/06/03 18:25:09 | 000,714,752 | ---- | C] () -- C:\Users\christelle\Documents\Etupensidifareunbruttolavoro.pps
[2010/06/01 20:39:19 | 000,081,408 | ---- | C] () -- C:\Users\christelle\Documents\Résultats3°.xls
[2010/05/26 19:24:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBVinst.dll
[2010/05/24 19:34:52 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\dufyvjd.sys
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/10/08 01:33:24 | 000,000,021 | ---- | C] () -- C:\Windows\Progs_.ini
[2009/09/24 01:07:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/09 17:15:50 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/04/22 22:59:36 | 000,000,004 | ---- | C] () -- C:\Windows\System32\Vbbd.dll
[2009/03/30 13:40:31 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/03/18 18:40:12 | 000,000,384 | ---- | C] () -- C:\Windows\disney.ini
[2009/03/08 16:49:06 | 000,000,330 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/05 18:23:35 | 000,027,115 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/03/05 18:22:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/03/05 18:22:49 | 000,026,874 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/03/28 18:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/12/29 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/07/10 17:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/04/24 12:47:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbvutil.dll
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbvcoin.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/10/26 04:12:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbvvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1225 bytes -> C:\Users\christelle\Documents\défautdelivre.eml:OECustomProperty

< End of report >
  19. Here is the one for OTL:

All processes killed
========== FILES ==========
File\Folder C:\Program Files\Winsudate not found.
Unable to delete ADS C:\Users\christelle\clic.avi:TOC.WMV .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== SERVICES/DRIVERS ==========
Service WinSvc stopped successfully!
Service WinSvc deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSvc\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christelle
->Temp folder emptied: 41561 bytes
->Temporary Internet Files folder emptied: 58054464 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3474 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matthieu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1228940 bytes
RecycleBin emptied: 1120523798 bytes

Total Files Cleaned = 1 125,00 mb

[EMPTYFLASH]

User: All Users

User: christelle
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: matthieu
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

And here is the one for GMER:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-27 22:03:25
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgnoipoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 820E1984 4 Bytes [6C, BA, AF, 9B]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820E1B54 4 Bytes [58, BA, AF, 9B]
.text ntkrnlpa.exe!KeSetEvent + 40D 820E1B70 4 Bytes [5D, BA, AF, 9B]
.text ntkrnlpa.exe!KeSetEvent + 621 820E1D84 4 Bytes [67, BA, AF, 9B]
? System32\Drivers\dufyvjd.sys Un périphérique attaché au système ne fonctionne pas correctement. !

---- EOF - GMER 1.0.15 ----
  20. Is this what I need to copy and paste? Actually, at the end OTL told me that I had to restart the computer to finish the process, but no box opened.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3384554939-569170500-819879126-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Unable to delete ADS C:\Users\christelle\clic.avi:TOC.WMV .
ADS C:\Users\christelle\Documents\défautdelivre.eml:OECustomProperty deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== FILES ==========
File move failed. C:\Windows\System32\drivers\dufyvjd.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christelle
->Temp folder emptied: 186083 bytes
->Temporary Internet Files folder emptied: 70741757 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2639 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matthieu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2005701 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70,00 mb

[EMPTYFLASH]

User: All Users

User: christelle
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: matthieu
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.7.0 log created on 06272010_120854

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\drivers\dufyvjd.sys not found!

Registry entries deleted on Reboot...
  21. Here is the report; I'm sending it before restarting the computer. I'll run another scan to see whether or not the items have been removed, because I had already tried to remove them with Malwarebytes but it hadn't worked.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4243

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

26/06/2010 18:18:15
mbam-log-2010-06-26 (18-18-15).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 134462
Temps écoulé: 3 minute(s), 41 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Winsudate (Adware.édité) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\system32\Drivers\dufyvjd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

After restarting the machine, the rootkit still has not been removed, even though it was reported as removed:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4243

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

27/06/2010 00:36:34
mbam-log-2010-06-27 (00-36-34).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 134761
Temps écoulé: 3 minute(s), 25 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\system32\Drivers\dufyvjd.sys (Rootkit.Agent) -> No action taken.
  22. Il a fallu que je répare avec Vista car le fichier dans lequel ce rootkit est placé semblait avoir endommagé le démarrage de Windows. J'ai fait ce que tu m'as dit : ici OTL.Txt OTL logfile created on: 26/06/2010 12:49:59 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\christelle\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 37,22 Gb Free Space | 38,12% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 166,84 Gb Free Space | 83,24% Space Free | Partition Type: NTFS Drive E: | 2,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-DE-CHRISTELL Current User Name: christelle Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe PRC - [2010/04/27 17:39:10 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/04/27 17:39:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 08:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2007/06/21 13:44:34 | 000,054,576 | ---- | M] (AOL) -- C:\Program Files\AOL 9.0 VR\shellmon.exe PRC - [2007/05/24 10:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe PRC - [2007/04/02 14:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe PRC - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2006/09/26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) 
-- C:\Program Files\Common Files\AOL\1253547102\ee\aolsoftware.exe ========== Modules (SafeList) ========== MOD - [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (WinSvc) SRV - [2010/06/18 20:29:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/04/27 17:39:10 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/04/27 17:39:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/04/25 14:18:48 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device) SRV - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - [2010/04/27 17:39:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/04/27 17:39:10 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/04/04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/07/25 14:09:50 | 000,870,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2008/03/25 23:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/04/13 19:30:39 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2) DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2006/11/30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/10/18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Recherche écologique sur Durable.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Recherche écologique sur Durable.com IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms} IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet 
Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/02/27 00:18:02 | 000,380,255 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13102 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3384554939-569170500-819879126-1000..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VR\AOL.EXE (AOL) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab (Reg Error: Key error.) 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.virustraq.com/img/scan_virus/webscan.cab (WScanCtl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\christelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\christelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/01/19 22:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders 
- Created Within 30 Days ========== [2010/06/26 12:49:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe [2010/06/26 10:09:09 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\RIMG0226 [2010/06/26 10:07:35 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\RIMG0219 [2010/06/23 03:00:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/06/23 03:00:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/06/23 03:00:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/06/22 20:21:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010/06/22 20:21:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010/06/22 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2010/06/20 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\EDTélèves [2010/06/18 18:14:33 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06 [2010/06/16 21:31:31 | 000,000,000 | --SD | C] -- C:\Users\christelle\Documents\Mes sources de données [2010/06/11 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06 [2010/06/10 08:02:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010/06/10 08:02:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010/06/10 08:02:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010/06/10 08:01:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/06/10 08:01:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/06/10 08:01:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/06/10 08:01:59 | 000,599,040 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/06/10 08:01:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/06/10 08:01:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/06/10 08:01:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/06/10 08:01:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/06/10 08:01:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/06/10 08:01:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/06/10 08:01:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/06/10 08:01:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/06/10 08:01:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/06/10 08:01:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/06/10 08:01:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/06/10 08:01:37 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/06/09 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\christelle\AppData\Roaming\ArchiFacile [2010/06/08 18:02:32 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed [2010/06/03 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES [2010/05/31 21:47:13 | 000,000,000 | ---D | C] -- C:\Users\christelle\AdSigner [2010/05/26 19:24:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBVhcp.dll [2007/04/04 12:40:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbvpmui.dll [2007/04/04 12:39:22 | 001,224,704 | ---- | C] ( ) -- 
C:\Windows\System32\lxbvserv.dll [2007/04/04 12:34:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomm.dll [2007/04/04 12:32:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbvlmpm.dll [2007/04/04 12:31:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbviesc.dll [2007/04/04 12:29:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbvpplc.dll [2007/04/04 12:28:44 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomc.dll [2007/04/04 12:28:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbvprox.dll [2007/04/04 12:22:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbvinpa.dll [2007/04/04 12:21:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbvusb1.dll [2007/04/04 12:18:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbvhbn3.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/26 12:51:16 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\dufyvjd.sys [2010/06/26 12:50:48 | 010,223,616 | -HS- | M] () -- C:\Users\christelle\ntuser.dat [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe [2010/06/26 12:43:32 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/06/26 12:41:15 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/06/26 12:41:07 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/26 12:41:07 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/26 12:41:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/26 12:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/26 10:09:09 | 006,206,040 | ---- | M] () -- C:\Users\christelle\Documents\RIMG0226.zip [2010/06/26 10:07:35 | 006,214,674 | ---- | 
M] () -- C:\Users\christelle\Documents\RIMG0219.zip
[2010/06/26 01:47:10 | 000,524,288 | -HS- | M] () -- C:\Users\christelle\ntuser.dat{2b29ccfc-f2ec-11de-b8ad-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 01:47:10 | 000,065,536 | -HS- | M] () -- C:\Users\christelle\ntuser.dat{2b29ccfc-f2ec-11de-b8ad-00038a000015}.TM.blf
[2010/06/25 22:53:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/25 09:08:48 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/25 09:08:48 | 000,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/06/25 09:08:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/25 09:08:48 | 000,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/06/25 09:08:48 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/24 19:10:36 | 001,542,075 | -H-- | M] () -- C:\Users\christelle\AppData\Local\IconCache.db
[2010/06/24 00:23:25 | 000,002,687 | ---- | M] () -- C:\Users\christelle\Desktop\Microsoft Office Word 2007.lnk
[2010/06/21 00:20:20 | 000,064,307 | ---- | M] () -- C:\Users\christelle\Documents\TROP_FORT1.pdf
[2010/06/20 20:40:58 | 000,944,350 | ---- | M] () -- C:\Users\christelle\Documents\quentin.skp
[2010/06/20 20:13:04 | 000,482,513 | ---- | M] () -- C:\Users\christelle\Documents\EDTélèves.zip
[2010/06/20 17:27:31 | 000,058,368 | ---- | M] () -- C:\Users\christelle\Documents\Fiche profs mardi.doc
[2010/06/19 20:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Registry Winner Schedule.job
[2010/06/18 18:14:33 | 000,568,157 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06.zip
[2010/06/18 09:07:02 | 346,173,701 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/18 01:09:30 | 000,000,664 | RHS- | M] () -- C:\Users\christelle\ntuser.pol
[2010/06/18 01:06:02 | 000,006,460 | ---- | M] () -- C:\Users\christelle\Documents\élèves inscrits.odt
[2010/06/16 19:19:09 | 004,321,386 | ---- | M] () -- C:\Users\christelle\Documents\Maison Camille.skp
[2010/06/16 15:08:59 | 066,594,580 | ---- | M] () -- C:\Users\christelle\Documents\Maisons Camille et Quentin.skp
[2010/06/14 23:03:37 | 000,060,273 | ---- | M] () -- C:\Users\christelle\Documents\organisationsemainederévision.pdf
[2010/06/14 19:56:16 | 046,778,819 | ---- | M] () -- C:\Users\christelle\Documents\1.skb
[2010/06/14 19:54:37 | 066,614,278 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Maison Camille.skp
[2010/06/13 20:36:32 | 063,450,158 | ---- | M] () -- C:\Users\christelle\Documents\Maison Camille.skb
[2010/06/13 18:07:27 | 000,010,389 | ---- | M] () -- C:\Users\christelle\Documents\ne de révisions Christelle.odt
[2010/06/13 12:04:46 | 031,542,335 | ---- | M] () -- C:\Users\christelle\Documents\0.skb
[2010/06/13 11:58:22 | 032,630,210 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sketchup 4.skp
[2010/06/12 23:40:17 | 027,832,074 | ---- | M] () -- C:\Users\christelle\Documents\Sketchup 4.skp
[2010/06/12 11:50:42 | 000,000,000 | ---- | M] () -- C:\Users\christelle\Desktop\0.skb
[2010/06/12 11:44:58 | 021,145,675 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_2.skp
[2010/06/12 10:47:55 | 006,877,421 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_1.skp
[2010/06/11 23:15:47 | 000,267,656 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06.zip
[2010/06/11 21:17:34 | 055,713,681 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre.skp
[2010/06/11 19:38:59 | 000,022,016 | ---- | M] () -- C:\Users\christelle\Documents\Akim.doc
[2010/06/10 20:31:49 | 000,387,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 10:42:20 | 000,001,498 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010/06/08 18:02:32 | 000,293,385 | ---- | M] () -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed.zip
[2010/06/04 18:20:12 | 000,049,664 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR07.06.doc
[2010/06/04 18:19:41 | 000,493,568 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°104ChallengeDavini.doc
[2010/06/03 22:42:56 | 000,067,584 | ---- | M] () -- C:\Users\christelle\Documents\Fichedevoeux.doc
[2010/06/03 22:42:34 | 000,178,197 | ---- | M] () -- C:\Users\christelle\Documents\Fichedevoeux.pdf
[2010/06/03 21:29:08 | 000,000,214 | ---- | M] () -- C:\Users\christelle\Desktop\Ricochet Infinity.url
[2010/06/03 18:31:41 | 000,863,673 | ---- | M] () -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES.zip
[2010/06/03 18:25:19 | 000,714,752 | ---- | M] () -- C:\Users\christelle\Documents\Etupensidifareunbruttolavoro.pps
[2010/06/01 20:39:20 | 000,081,408 | ---- | M] () -- C:\Users\christelle\Documents\Résultats3°.xls
[2010/05/28 22:09:41 | 000,053,365 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/28 22:09:41 | 000,053,365 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/27 15:28:55 | 000,495,104 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°99Conférencemaths.doc
[2010/05/27 13:01:32 | 000,494,592 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°98PP5ème.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/26 10:07:59 | 006,206,040 | ---- | C] () -- C:\Users\christelle\Documents\RIMG0226.zip
[2010/06/26 10:06:22 | 006,214,674 | ---- | C] () -- C:\Users\christelle\Documents\RIMG0219.zip
[2010/06/21 00:20:17 | 000,064,307 | ---- | C] () -- C:\Users\christelle\Documents\TROP_FORT1.pdf
[2010/06/20 20:40:57 | 000,944,350 | ---- | C] () -- C:\Users\christelle\Documents\quentin.skp
[2010/06/20 20:12:57 | 000,482,513 | ---- | C] () -- C:\Users\christelle\Documents\EDTélèves.zip
[2010/06/20 17:27:31 | 000,058,368 | ---- | C] () -- C:\Users\christelle\Documents\Fiche profs mardi.doc
[2010/06/18 18:14:19 | 000,568,157 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06.zip
[2010/06/18 01:05:51 | 000,006,460 | ---- | C] () -- C:\Users\christelle\Documents\élèves inscrits.odt
[2010/06/16 15:08:20 | 066,594,580 | ---- | C] () -- C:\Users\christelle\Documents\Maisons Camille et Quentin.skp
[2010/06/14 23:03:35 | 000,060,273 | ---- | C] () -- C:\Users\christelle\Documents\organisationsemainederévision.pdf
[2010/06/14 19:55:53 | 063,450,158 | ---- | C] () -- C:\Users\christelle\Documents\Maison Camille.skb
[2010/06/14 19:55:53 | 046,778,819 | ---- | C] () -- C:\Users\christelle\Documents\1.skb
[2010/06/14 19:54:10 | 066,614,278 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Maison Camille.skp
[2010/06/13 20:35:55 | 004,321,386 | ---- | C] () -- C:\Users\christelle\Documents\Maison Camille.skp
[2010/06/13 18:07:26 | 000,010,389 | ---- | C] () -- C:\Users\christelle\Documents\ne de révisions Christelle.odt
[2010/06/13 12:03:27 | 031,542,335 | ---- | C] () -- C:\Users\christelle\Documents\0.skb
[2010/06/13 11:23:48 | 032,630,210 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sketchup 4.skp
[2010/06/12 23:39:50 | 027,832,074 | ---- | C] () -- C:\Users\christelle\Documents\Sketchup 4.skp
[2010/06/12 11:50:42 | 000,000,000 | ---- | C] () -- C:\Users\christelle\Desktop\0.skb
[2010/06/12 11:19:04 | 021,145,675 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_2.skp
[2010/06/12 10:39:36 | 006,877,421 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_1.skp
[2010/06/11 23:15:43 | 000,267,656 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06.zip
[2010/06/11 19:38:59 | 000,022,016 | ---- | C] () -- C:\Users\christelle\Documents\Akim.doc
[2010/06/11 17:39:46 | 055,713,681 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre.skp
[2010/06/09 10:42:20 | 000,001,498 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010/06/08 18:02:27 | 000,293,385 | ---- | C] () -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed.zip
[2010/06/04 18:20:11 | 000,049,664 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR07.06.doc
[2010/06/04 18:19:35 | 000,493,568 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°104ChallengeDavini.doc
[2010/06/03 22:42:33 | 000,178,197 | ---- | C] () -- C:\Users\christelle\Documents\Fichedevoeux.pdf
[2010/06/03 18:31:30 | 000,863,673 | ---- | C] () -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES.zip
[2010/06/03 18:25:09 | 000,714,752 | ---- | C] () -- C:\Users\christelle\Documents\Etupensidifareunbruttolavoro.pps
[2010/06/01 20:39:19 | 000,081,408 | ---- | C] () -- C:\Users\christelle\Documents\Résultats3°.xls
[2010/05/27 15:28:49 | 000,495,104 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°99Conférencemaths.doc
[2010/05/27 13:01:26 | 000,494,592 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°98PP5ème.doc
[2010/05/26 19:24:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBVinst.dll
[2010/05/24 19:34:52 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\dufyvjd.sys
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/10/08 01:33:24 | 000,000,021 | ---- | C] () -- C:\Windows\Progs_.ini
[2009/09/24 01:07:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/09 17:15:50 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/04/22 22:59:36 | 000,000,004 | ---- | C] () -- C:\Windows\System32\Vbbd.dll
[2009/03/30 13:40:31 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/03/18 18:40:12 | 000,000,384 | ---- | C] () -- C:\Windows\disney.ini
[2009/03/08 16:49:06 | 000,000,330 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/05 18:23:35 | 000,027,115 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/03/05 18:22:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/03/05 18:22:49 | 000,026,874 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/03/28 18:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/12/29 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/07/10 17:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/04/24 12:47:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbvutil.dll
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbvcoin.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/10/26 04:12:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbvvs.dll

========== LOP Check ==========

[2010/06/09 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\ArchiFacile
[2010/05/31 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\BitTorrent
[2010/05/16 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Blender Foundation
[2009/06/26 00:31:55 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Canneverbe_Limited
[2009/03/30 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\DeepBurner
[2010/03/02 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\foobar2000
[2009/12/17 22:29:07 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Icones
[2009/09/08 23:49:09 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\IndexEducation
[2009/10/30 16:37:31 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\MagicBall3
[2010/02/18 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\PhotoFiltre
[2010/02/11 20:59:07 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Pixia
[2009/04/22 21:57:22 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\URSE Games
[2010/05/09 17:00:23 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\uTorrent
[2010/06/26 13:39:57 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\BitTorrent
[2010/04/13 13:32:14 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\foobar2000
[2010/04/18 11:40:21 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\IndexEducation
[2010/04/10 14:07:01 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\PhotoFiltre
[2010/04/15 00:25:28 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\uTorrent
[2010/06/19 20:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2010/06/23 03:16:18 | 000,032,506 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\christelle\clic.avi:TOC.WMV
@Alternate Data Stream - 1225 bytes -> C:\Users\christelle\Documents\défautdelivre.eml:OECustomProperty
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Then Extras.Txt:

OTL Extras logfile created on: 26/06/2010 12:49:59 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\christelle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 37,22 Gb Free Space | 38,12% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 166,84 Gb Free Space | 83,24% Space Free | Partition Type: NTFS
Drive E: | 2,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-CHRISTELL
Current User Name: christelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AB354C-568B-433A-AC39-38A35D0393A1}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{095C5948-75EA-4125-9A1B-121FFC80933B}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{177C2C21-6C48-4A29-A92C-2E9D8711CA75}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{17E73C74-2EF0-4127-8590-7E55A66F4C26}" = protocol=6 | dir=in | app=d:\jeux\steamapps\common\ricochet lost worlds\ricochet.exe |
"{27C20A0A-86AC-4D18-8C23-612233D489B6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |
"{2BF1B870-A7A6-4B79-97AA-64E11E1A5CB1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{331F0AE4-E29A-42F2-9725-1F097A54551A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1247152857\ee\aolsoftware.exe |
"{397D252E-9738-4E41-9654-7894F130C064}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\ricochet infinity\ricochetinfinity.exe |
"{3A7DC470-934E-4103-9028-1A0E75CD908D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1250697521\ee\aolsoftware.exe |
"{3E230437-E36D-446D-AAC0-0C7E868D53D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1236441032\ee\aolsoftware.exe |
"{4674834F-DC9A-4F15-8D9A-39ECB1EF11DB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1236441032\ee\aolsoftware.exe |
"{47934411-C86E-4AF0-823B-AD928AF6EC5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1253547102\ee\aolsoftware.exe |
"{48400C4B-3920-4027-8406-F9F887BDF24B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1247152857\ee\aolsoftware.exe |
"{4B753CBE-8C5D-418F-A449-C3F99C374367}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{51A42CFD-999C-44DA-9F6E-A93F0510B7A1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |
"{51C59FBC-4F39-474A-874C-0121A98CC09C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{6F614D8A-4E59-4B59-A173-01753B7111DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{70E56CFB-2E9E-4A24-A928-4EA3EE104605}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{7FC960E5-5B8C-4AA9-A184-3D5003B3C1AB}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\ricochet lost worlds\ricochet.exe |
"{82FFC04B-D5D8-4998-B843-E456DED04742}" = protocol=17 | dir=in | app=d:\jeux\steamapps\common\ricochet lost worlds\ricochet.exe |
"{8500AAEE-9A79-4252-ACA9-BAEF0C0E72F3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\ricochet lost worlds\ricochet.exe |
"{8AB9F075-337C-4823-806A-B0076568992C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8CD6022C-5C03-4F22-8131-FCE68CF9D27C}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{9C864AB1-1D4C-47D9-BEA3-4E171DE17636}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1253547102\ee\aolsoftware.exe |
"{A503FB20-DF7A-4F96-9E25-B63B1856488D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{A5BD2D0B-EC88-4CC0-9B8B-5F66042EDEE6}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{AD78D276-DCC8-40AF-AEDF-0FD790293055}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BAABBABB-BD8F-4C27-A029-F123797B2CB7}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{C1C37FD2-733C-464C-819C-1953F49C360A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CFDA0302-2968-4387-98F4-9116D2E0934F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{D05C0DE0-0722-40C7-92AF-F350B6165C91}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |
"{DDA1C03A-CF24-4770-802F-A28789098619}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |
"{E6B33E2C-BA2B-492A-8175-E3EC591B93F3}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\ricochet infinity\ricochetinfinity.exe |
"{EA4B7919-A413-4158-B3FF-22343E33A170}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{EB8451BE-6C9E-4741-90F6-BF7FC3BA94F5}" = protocol=17 | dir=in | app=d:\jeux\steamapps\common\ricochet infinity\ricochetinfinity.exe |
"{F0555552-8202-479C-8FC4-B2DC5D64ED6D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F59A8CF5-9E96-49D4-8FB1-17A6D1C0784A}" = protocol=6 | dir=in | app=d:\jeux\steamapps\common\ricochet infinity\ricochetinfinity.exe |
"{F5C2CBDE-ED58-4761-BA2D-14E20715F71B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1250697521\ee\aolsoftware.exe |
"TCP Query User{025D6CC5-C7B8-4057-B194-9CA229F4F833}C:\program files\aol 9.0 vr\waol.exe" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"TCP Query User{129956D5-7814-439F-91A1-53BF39ECB350}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1446FBAE-88E8-4C91-95F5-90AF1C2A5AD4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1EEDFC8C-5772-4D8D-9059-6D616CABA338}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{36C248BF-78A9-48A1-9DE5-5B82FB6F1329}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{723D4124-07BC-465A-B176-52E1811B3F75}C:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe" = protocol=6 | dir=in | app=c:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe |
"TCP Query User{89B49252-A931-462B-A2ED-123C358B27EF}D:\program files\utorrent.exe" = protocol=6 | dir=in | app=d:\program files\utorrent.exe |
"TCP Query User{DCC5D5F1-B5EE-447E-8835-3523926650A3}D:\program files\utorrent.exe" = protocol=6 | dir=in | app=d:\program files\utorrent.exe |
"UDP Query User{1DD0B0EA-7F26-4E58-A125-A33E756F7132}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{35074599-2224-43F1-A037-8E52F661C553}C:\program files\aol 9.0 vr\waol.exe" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"UDP Query User{44AF02D8-2251-4A90-A71D-098B8C7AB254}D:\program files\utorrent.exe" = protocol=17 | dir=in | app=d:\program files\utorrent.exe |
"UDP Query User{6FEF8767-9D10-45DF-825C-8D0E122A8E03}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{71EEE631-3F4C-4692-81AA-25C3D0AB35EA}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{C76B3531-07FA-4C5A-A35C-C4576888D48B}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{CC40305A-3928-43AB-A003-E3BD116BA93E}D:\program files\utorrent.exe" = protocol=17 | dir=in | app=d:\program files\utorrent.exe |
"UDP Query User{FDB5C9BB-9779-44FC-B88C-7FC0B140CA65}C:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe" = protocol=17 | dir=in | app=c:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{5AD045DF-11AA-473D-B4AA-2A4F0E213047}" = Google SketchUp 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3088CD2-612B-11D3-AF43-00C04F443448}" = Microsoft Works 2000
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B213D0D7-7190-4D49-A72C-5DC57CA70D69}" = INDEX EDUCATION - Client PRONOTE 2009
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender (remove only)
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"foobar2000" = foobar2000 v0.9.6.3
"Google Updater" = Outil de mise à jour Google
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme
"jZip" = jZip
"Lexmark 2200 Series" = Lexmark 2200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Patch Darluok2.4.2" = Patch Darluok
"Picasa 3" = Picasa 3
"Programme de désinstallation AOL" = AOL - Assistant de désinstallation
"PROR" = Microsoft Office Professional 2007
"Satsuki Decoder Pack" = Satsuki Decoder Pack 4000
"Steam App 7400" = Ricochet: Lost Worlds
"Steam App 7450" = Ricochet Infinity
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"WalterShop" = WalterShop
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7000d0b67f2f1c34" = PackBarre
"PhotoFiltre" = PhotoFiltre
"Pixia 4.3a FR" = Pixia 4.3a FR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/06/2010 11:48:54 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

Error - 22/06/2010 08:36:55 | Computer Name = PC-de-christell | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18928, horodatage 0x4bdfa327, module défaillant Flash10d.ocx, version 10.0.42.34, horodatage 0x4ae7baed, code d’exception 0xc0000005, décalage d’erreur 0x0015843d, ID du processus 0x1200, heure de début de l’application 0x01cb11f6adb2b20d.

Error - 22/06/2010 21:18:59 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

Error - 23/06/2010 00:41:33 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

Error - 23/06/2010 13:09:44 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

Error - 23/06/2010 13:47:17 | Computer Name = PC-de-christell | Source = WinDefendRtp | ID = 3003
Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : PC-de-christell\christelle Agent : 57 Code de l’erreur : 0x80070005 Description de l’erreur : Accès refusé.

Error - 24/06/2010 13:12:12 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

Error - 24/06/2010 14:53:42 | Computer Name = PC-de-christell | Source = Application Hang | ID = 1002
Description = Le programme Steam.exe version 1.0.843.387 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 1490 Heure de début : 01cb13ce748435e0 Heure de fin : 11

Error - 25/06/2010 17:08:10 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

Error - 26/06/2010 06:41:25 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 15/05/2009 10:48:49 | Computer Name = PC-de-christell | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 343450 seconds with 0 seconds of active time. This session ended with a crash.

Error - 03/09/2009 11:49:46 | Computer Name = PC-de-christell | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/06/2010 17:04:23 | Computer Name = PC-de-christell | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 25/06/2010 17:08:10 | Computer Name = PC-de-christell | Source = Service Control Manager | ID = 7000
Description =

Error - 26/06/2010 04:08:54 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 04:39:01 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 04:48:19 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 05:17:35 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 05:18:08 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 05:36:39 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 06:17:31 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016
Description =

Error - 26/06/2010 06:41:25 | Computer Name = PC-de-christell | Source = Service Control Manager | ID = 7000
Description =

< End of report >
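Two things in the OTL report above are worth pulling out mechanically rather than by eye: a driver with no company name and a random-looking name created a few weeks before the scan (C:\Windows\System32\drivers\dufyvjd.sys, created 2010/05/24, in a report dated 26/06/2010), and inbound firewall exceptions granted to an executable that lives in a temp directory (stinstall.exe under AppData\Local\Temp). The script below is an added example, not part of the original post and not OTL's own code: it parses a constructed excerpt in the shape of OTL's file-list and FirewallRules lines and applies two heuristics that are this example's assumptions (a 60-day creation window anchored on the report date, and a "random name" test of all-lowercase letters with a low vowel ratio).

```python
"""Triage an OTL-style log excerpt: flag recently created, anonymous,
random-named kernel drivers and inbound firewall exceptions for programs
living in a temp directory.  Added example; heuristics are assumptions."""
import re
from datetime import datetime, timedelta

# One OTL file line: [ts | size | attrs | C|M] (company) -- path
# The "(company)" group is absent on directory (LOP Check) lines.
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)\s*$"
)
# One Vista FirewallRules value as OTL prints it:
# "name" = protocol=N | dir=in | app=path |
FW_RULE = re.compile(
    r'^"(?P<name>[^"]+)" = protocol=(?P<proto>\d+) \| dir=(?P<dir>\w+) \| '
    r'app=(?P<app>.+?) \|\s*$'
)

def parse_file_entries(text):
    """Return one dict per OTL file/directory line found in text."""
    entries = []
    for line in text.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["created"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
        d["size"] = int(d["size"].replace(",", ""))
        d["company"] = (d["company"] or "").strip()
        entries.append(d)
    return entries

def parse_firewall_rules(text):
    """Return one dict per FirewallRules value found in text."""
    return [m.groupdict() for line in text.splitlines()
            if (m := FW_RULE.match(line.strip()))]

VOWELS = set("aeiou")

def looks_random(basename):
    """Heuristic (assumption): all-lowercase letters, 6 to 12 long, with at
    most a quarter vowels, e.g. 'dufyvjd'. Legitimate driver names are mostly
    pronounceable or carry digits/uppercase, and in any case a company name."""
    if not re.fullmatch(r"[a-z]{6,12}", basename):
        return False
    return sum(c in VOWELS for c in basename) / len(basename) <= 0.25

def suspicious_drivers(entries, scan_date, window_days=60):
    """Drivers (.sys under \\drivers\\) created within window_days of the
    scan, with no company name and a random-looking basename."""
    cutoff = scan_date - timedelta(days=window_days)
    hits = []
    for e in entries:
        low = e["path"].lower()
        if e["kind"] != "C" or "\\drivers\\" not in low or not low.endswith(".sys"):
            continue
        basename = low.rsplit("\\", 1)[-1][:-len(".sys")]
        if e["created"] >= cutoff and not e["company"] and looks_random(basename):
            hits.append(e["path"])
    return hits

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")

def temp_dir_inbound_rules(rules):
    """Inbound exceptions whose target executable sits in a temp directory:
    either a one-off installer that punched a hole and is gone, or a dropper."""
    return sorted({r["app"] for r in rules if r["dir"] == "in"
                   and any(t in r["app"].lower() for t in TEMP_MARKERS)})

# Constructed excerpt copied in the shape of the OTL lines above.
SAMPLE = r"""
[2010/05/26 19:24:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBVinst.dll
[2010/05/24 19:34:52 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\dufyvjd.sys
[2009/03/05 18:22:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010/06/09 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\ArchiFacile
"{4B753CBE-8C5D-418F-A449-C3F99C374367}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"TCP Query User{723D4124-07BC-465A-B176-52E1811B3F75}C:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe" = protocol=6 | dir=in | app=c:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe |
"UDP Query User{FDB5C9BB-9779-44FC-B88C-7FC0B140CA65}C:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe" = protocol=17 | dir=in | app=c:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe |
"""
SCAN_DATE = datetime(2010, 6, 26)  # "OTL Extras logfile created on: 26/06/2010"

def triage(text=SAMPLE, scan_date=SCAN_DATE):
    """Run both checks over an excerpt and return the findings."""
    return {"drivers": suspicious_drivers(parse_file_entries(text), scan_date),
            "temp_rules": temp_dir_inbound_rules(parse_firewall_rules(text))}

if __name__ == "__main__":
    for section, findings in triage().items():
        print(section)
        for f in findings:
            print("   ", f)
```

Run against the full OTL output the same two findings come out, and nothing else: LXBVinst.dll is recent and anonymous but is not a driver and does not look random, ASACPI.sys is a driver but over a year old, and the Steam and AOL exceptions point at Program Files. The checks are a triage aid only; a hit still has to be confirmed (hash lookup, signature check, whether the service key that loads the driver exists) before anything is removed.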
  23. Hello, my antivirus "Avira" has been showing me this message for several days: "Le fichier 'C:\Windows\System32\drivers\dufyvjd.sys' contenait un virus ou un programme indésirable 'TR/Rootkit.Gen' [trojan]." But when I try to delete or quarantine this program, I am told that it failed. How do I get rid of it? I am posting the HijackThis report. Thanks in advance. Christelle

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:28, on 24/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Common Files\AOL\1253547102\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Users\christelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKJ1N9WZ\hijackthis-2.0.4[2].exe
C:\Users\CHRIST~1\AppData\Local\Temp\hijackthis-2.0.4.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Recherche écologique sur Durable.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Recherche écologique sur Durable.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Recherche écologique sur Durable.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E50DC7-B6A4-4301-A47F-B360BD6105C2}: NameServer = 86.64.233.85 109.0.64.243
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\Program Files\Winsudate\gibsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 20952 bytes
  24. Rest of the report:

C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2009-03-02 591296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-07 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-04 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2008-08-26 16986112]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-18 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-18 92704]
"HostManager"=C:\Program Files\Common Files\AOL\1236441032\ee\AOLSoftware.exe [2006-09-26 50736]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-04 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"AOL Fast Start"=C:\Program Files\AOL 9.0 VR\AOL.EXE [2007-06-21 50480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-07 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-05-09 02:06:10 ----D---- C:\rsit
2009-05-09 02:06:10 ----D---- C:\Program Files\trend micro
2009-05-08 17:08:55 ----D---- C:\ProgramData\Avira
2009-05-08 17:08:55 ----D---- C:\Program Files\Avira
2009-05-08 16:58:17 ----D---- C:\Program Files\Hijack this 2
2009-05-08 16:45:30 ----D---- C:\Program Files\HijackThis
2009-05-08 16:14:27 ----A---- C:\Windows\ntbtlog.txt
2009-05-07 23:09:23 ----AD---- C:\ProgramData\TEMP
2009-05-07 23:06:28 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-05-07 23:06:27 ----D---- C:\Windows\system32\IOSUBSYS
2009-05-07 23:05:34 ----D---- C:\ProgramData\Google Updater
2009-05-07 23:05:33 ----D---- C:\Program Files\Google
2009-05-07 22:40:59 ----D---- C:\Program Files\Panda Security
2009-05-06 16:04:56 ----D---- C:\Windows\BDOSCAN8
2009-05-04 18:10:04 ----A---- C:\Windows\system32\javaws.exe
2009-05-04 18:10:04 ----A---- C:\Windows\system32\javaw.exe
2009-05-04 18:10:04 ----A---- C:\Windows\system32\java.exe
2009-05-04 18:10:04 ----A---- C:\Windows\system32\deploytk.dll
2009-05-04 18:09:49 ----D---- C:\Program Files\Java
2009-04-26 20:42:15 ----D---- C:\Program Files\Common Files\Steam
2009-04-26 01:37:06 ----D---- C:\Program Files\ReflexiveArcade
2009-04-24 22:29:19 ----D---- C:\Users\christelle\AppData\Roaming\WinRAR
2009-04-24 22:29:06 ----D---- C:\Program Files\WinRAR
2009-04-22 22:59:36 ----A---- C:\Windows\system32\Vbbd.dll
2009-04-22 21:57:22 ----D---- C:\Users\christelle\AppData\Roaming\URSE Games
2009-04-15 07:47:22 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 07:47:21 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 07:47:21 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 07:47:14 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 07:47:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 07:47:14 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 07:47:13 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 07:47:13 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 07:47:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 07:47:13 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 07:47:13 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 07:47:13 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 07:47:13 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 07:46:25 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 07:46:25 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 07:46:25 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 07:46:25 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 07:46:25 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 07:46:21 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 07:46:21 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\occache.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 07:46:20 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 07:46:20 ----A---- C:\Windows\system32\ieaksie.dll

======List of files/folders modified in the last 1 months======

2009-05-09 02:06:10 ----RD---- C:\Program Files
2009-05-09 02:06:08 ----D---- C:\Windows\Temp
2009-05-09 01:07:22 ----D---- C:\Windows\Tasks
2009-05-08 17:57:30 ----D---- C:\Windows\System32
2009-05-08 17:57:30 ----D---- C:\Windows\inf
2009-05-08 17:57:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-08 17:40:07 ----D---- C:\Windows
2009-05-08 17:40:01 ----SHD---- C:\System Volume Information
2009-05-08 17:08:58 ----D---- C:\Windows\system32\drivers
2009-05-08 17:08:55 ----HD---- C:\ProgramData
2009-05-08 17:07:32 ----SHD---- C:\Windows\Installer
2009-05-08 17:07:32 ----D---- C:\Windows\winsxs
2009-05-08 17:07:15 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-08 16:31:39 ----SD---- C:\ProgramData\Microsoft
2009-05-08 16:22:53 ----SD---- C:\Windows\Downloaded Program Files
2009-05-08 15:22:15 ----A---- C:\Windows\Lexstat.ini
2009-05-08 15:15:24 ----D---- C:\Program Files\Common Files
2009-05-08 13:18:18 ----D---- C:\Windows\system32\Tasks
2009-05-08 11:23:53 ----D---- C:\Windows\Debug
2009-05-07 23:17:58 ----D---- C:\Windows\system32\catroot2
2009-05-06 17:45:24 ----D---- C:\Windows\system32\WDI
2009-05-05 18:24:47 ----D---- C:\Windows\Prefetch
2009-05-02 18:55:56 ----D---- C:\ProgramData\Microsoft Help
2009-05-02 01:45:47 ----D---- C:\Users\christelle\AppData\Roaming\foobar2000
2009-05-01 00:05:02 ----D---- C:\Windows\system32\catroot
2009-04-26 12:09:36 ----A---- C:\Windows\win.ini
2009-04-25 11:48:49 ----D---- C:\Program Files\Microsoft Works
2009-04-25 11:48:40 ----RSD---- C:\Windows\Fonts
2009-04-19 23:14:54 ----SD---- C:\Users\christelle\AppData\Roaming\Microsoft
2009-04-15 15:14:42 ----D---- C:\Program Files\Windows Mail
2009-04-15 15:14:41 ----D---- C:\Windows\system32\wbem
2009-04-15 15:14:41 ----D---- C:\Windows\system32\manifeststore
2009-04-15 15:14:41 ----D---- C:\Windows\AppPatch
2009-04-15 15:14:40 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 ATWPKT2;ATWPKT2; \??\C:\Windows\system32\drivers\ATWPKT2.SYS [2007-04-13 25136]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-03-25 1048480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-07-25 870400]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-30 33588]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 lxbv_device;lxbv_device; C:\Windows\system32\lxbvcoms.exe [2007-04-25 537520]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 183280]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-26 322032]

-----------------EOF-----------------
  25. Good evening, and first of all thank you for your help. It is normal that there is no antivirus: in the procedure I followed, it had to be uninstalled before producing the report. I have Antivir, which I reinstalled afterwards. I don't think I'm infected, but the last time these slowdowns occurred I had a trojan that took a screenshot of my screen roughly every 5 minutes. Since then I've been wary. I ran RSIT and here are the reports (the second one follows):

Logfile of random's system information tool 1.06 (written by random/random)
Run by christelle at 2009-05-09 02:06:10

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 65 GB (65%) free of 100 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:06:14, on 09/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\aol\1236441032\ee\aolsoftware.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\christelle\Documents\RSIT.exe
C:\Program Files\trend micro\christelle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://french.icrfast.com/fr/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://french.icrfast.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236441032\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3384554939-569170500-819879126-1002\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'matthieu')
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78C680F6-5D97-4852-9894-9E5AB62E60C2}: NameServer = 86.64.145.148 84.103.237.148
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7721 bytes

======Scheduled tasks folder======
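A helper reading a HijackThis log like the one above looks first at the R0/R1 start and search pages (here pointing at french.icrfast.com rather than a vendor default), the O17 NameServer override, orphaned O9 entries and the repeated O10 LSP lines. The triage script below is an added example, not code from the forum or from HijackThis; the allowlist of expected hosts and the sample lines are constructed assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example; not HijackThis's own code).
It reads the entry classes a helper checks first: R0/R1 browser start/search pages pointing
outside an assumed allowlist of vendor defaults, O17 DNS NameServer overrides, O9 entries
whose target file is missing, and repeated O10 Winsock LSP lines collapsed to one count."""
import re
from urllib.parse import urlsplit

# Assumed allowlist of vendor default hosts; anything else is reported for a closer look.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.fr", "www.google.com"}

R_LINE = re.compile(r"^R[01] - (HK\w+)\\.+?,(.+?)\s*=\s*(.*)$")
O17_LINE = re.compile(r"^O17 - .*NameServer = (.+)$")
O9_MISSING = re.compile(r"^O9 - .*\(file missing\)$")
O10_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")

def triage(log_text):
    """Return (severity, reason) pairs in log order, with LSP counts appended last."""
    findings, lsp_counts = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R_LINE.match(line):
            hive, name, value = m.groups()
            host = urlsplit(value).hostname if value else None  # empty value: IE default
            if host and host not in EXPECTED_HOSTS:
                findings.append(("high", f"{hive} {name} points to unexpected host {host}"))
        elif m := O17_LINE.match(line):
            findings.append(("medium", f"DNS servers set to {m.group(1)}; confirm they are the ISP's"))
        elif O9_MISSING.match(line):
            findings.append(("low", f"orphaned IE button/menu entry: {line}"))
        elif m := O10_LSP.match(line):
            lsp_counts[m.group(1)] = lsp_counts.get(m.group(1), 0) + 1
    for path, count in lsp_counts.items():
        findings.append(("info", f"Winsock LSP {path} appears {count} times; verify the owning product"))
    return findings

# Constructed sample: a handful of lines in the shape of the log posted above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://french.icrfast.com/fr/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78C680F6-5D97-4852-9894-9E5AB62E60C2}: NameServer = 86.64.145.148 84.103.237.148
"""

if __name__ == "__main__":
    for severity, reason in triage(SAMPLE):
        print(f"[{severity}] {reason}")
```

The script only ranks entries for review; whether an unexpected host or a DNS server is actually hostile still has to be confirmed against the product list and the ISP's settings.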