
Recommended posts

Posted (edited)

Hello,

my antivirus "Avira" has been showing me this message for several days:

 

Le fichier 'C:\Windows\System32\drivers\dufyvjd.sys'

contenait un virus ou un programme indésirable 'TR/Rootkit.Gen' [trojan].

 

But when I try to delete or quarantine this program, I'm told that it failed. How do I get rid of it?

 

I'm posting the HijackThis report

 

Thanks in advance

 

Christelle

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:26:28, on 24/06/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\AOL 9.0 VR\waol.exe

C:\Program Files\Common Files\AOL\1253547102\ee\aolsoftware.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\AOL 9.0 VR\shellmon.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Users\christelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKJ1N9WZ\hijackthis-2.0.4[2].exe

C:\Users\CHRIST~1\AppData\Local\Temp\hijackthis-2.0.4.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Recherche écologique sur Durable.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Recherche écologique sur Durable.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Recherche écologique sur Durable.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{21E50DC7-B6A4-4301-A47F-B360BD6105C2}: NameServer = 86.64.233.85 109.0.64.243

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\Program Files\Winsudate\gibsvc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 20952 bytes

Edited by christelsina
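As an added example (not code from this thread, from HijackThis or from the helper), here is a small Python triage of the HijackThis report above: it flags entries whose file is gone, the Winsock LSP entries HijackThis could not identify, non-default DNS servers (O17) and unknown-owner services outside the Windows directory. The sample lines are copied from the report above; the line regex, the flagging rules and their wording are my own assumptions, not HijackThis logic.

```python
"""Triage of HijackThis (v2.0.4) log entries.

Added example, not part of the forum thread or of HijackThis itself.
The rules below are the author's assumptions about what a helper looks
at first, not anything HijackThis computes.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted verbatim from the report posted above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{21E50DC7-B6A4-4301-A47F-B360BD6105C2}: NameServer = 86.64.233.85 109.0.64.243
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\\Program Files\\Winsudate\\gibsvc.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file no longer exists.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def parse_entry(line):
    """Split a report line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def nameservers(body):
    """Return the DNS server addresses listed in an O17 entry body."""
    _, _, value = body.partition("NameServer =")
    return value.split()


def triage_line(line):
    """Return a Finding for a line worth a helper's attention, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, body = parsed
    reasons = []
    if any(marker in body for marker in MISSING_MARKERS):
        reasons.append("referenced file is missing: orphaned registry entry")
    if section == "O10":
        reasons.append("Winsock LSP not identified: verify the file before "
                       "touching the LSP chain")
    if section == "O17":
        ips = nameservers(body)
        if ips:
            reasons.append("custom DNS servers " + ", ".join(ips)
                           + ": confirm they belong to the ISP")
    if section == "O23" and "Unknown owner" in body:
        # The service binary is the last " - " separated field.
        path = body.rsplit(" - ", 1)[-1]
        if not path.lower().startswith("c:\\windows"):
            reasons.append("unknown-owner service outside the Windows directory")
    if not reasons:
        return None
    return Finding(section, reasons, line.strip())


def triage(log_text):
    """Run triage_line over a whole report; returns the list of Findings."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, "|", finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```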

Posted

Hi,

 

Let's pin the problem down a bit better, then we go on the attack! :P

 

Download OTL to your Desktop

  • Double-click OTL.exe to launch it.
  • Tick the box All users
  • Do the same for the LOP check and the Purity check.
  • Then click Scan and wait while it scans the registry and the files.
  • When the scan is finished, two Notepad windows will open: OTL.Txt and Extras.Txt. These files are saved in the same place as OTL.
  • Copy and paste them into your next reply.

Posted

I had to do a repair with Vista because the file this rootkit sits in seemed to have damaged the Windows boot.

I did what you told me: here is OTL.Txt

 

OTL logfile created on: 26/06/2010 12:49:59 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\christelle\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97,66 Gb Total Space | 37,22 Gb Free Space | 38,12% Space Free | Partition Type: NTFS

Drive D: | 200,43 Gb Total Space | 166,84 Gb Free Space | 83,24% Space Free | Partition Type: NTFS

Drive E: | 2,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC-DE-CHRISTELL

Current User Name: christelle

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe

PRC - [2010/04/27 17:39:10 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/04/27 17:39:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 08:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2007/06/21 13:44:34 | 000,054,576 | ---- | M] (AOL) -- C:\Program Files\AOL 9.0 VR\shellmon.exe

PRC - [2007/05/24 10:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe

PRC - [2007/04/02 14:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

PRC - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

PRC - [2006/09/26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1253547102\ee\aolsoftware.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe

MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (WinSvc)

SRV - [2010/06/18 20:29:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/04/27 17:39:10 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/04/27 17:39:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007/04/25 14:18:48 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device)

SRV - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/04/27 17:39:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/27 17:39:10 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/04/04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/07/25 14:09:50 | 000,870,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/03/25 23:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/04/13 19:30:39 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)

DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2006/11/30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/10/18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Recherche écologique sur Durable.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Recherche écologique sur Durable.com

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Recherche écologique sur Durable.com

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com

IE - HKU\S-1-5-21-3384554939-569170500-819879126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/02/27 00:18:02 | 000,380,255 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 13102 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O3 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3384554939-569170500-819879126-1000..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VR\AOL.EXE (AOL)

O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab (Reg Error: Key error.)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.virustraq.com/img/scan_virus/webscan.cab (WScanCtl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\christelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\christelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/01/19 22:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/26 12:49:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe

[2010/06/26 10:09:09 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\RIMG0226

[2010/06/26 10:07:35 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\RIMG0219

[2010/06/23 03:00:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/23 03:00:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/23 03:00:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/22 20:21:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/22 20:21:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/22 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2010/06/20 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\EDTélèves

[2010/06/18 18:14:33 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06

[2010/06/16 21:31:31 | 000,000,000 | --SD | C] -- C:\Users\christelle\Documents\Mes sources de données

[2010/06/11 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06

[2010/06/10 08:02:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/10 08:02:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/10 08:02:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/06/10 08:01:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/06/10 08:01:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/06/10 08:01:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/10 08:01:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/06/10 08:01:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/10 08:01:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/06/10 08:01:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/06/10 08:01:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/06/10 08:01:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/06/10 08:01:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/06/10 08:01:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/06/10 08:01:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/06/10 08:01:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/10 08:01:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/10 08:01:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/06/10 08:01:37 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/09 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\christelle\AppData\Roaming\ArchiFacile

[2010/06/08 18:02:32 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed

[2010/06/03 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES

[2010/05/31 21:47:13 | 000,000,000 | ---D | C] -- C:\Users\christelle\AdSigner

[2010/05/26 19:24:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBVhcp.dll

[2007/04/04 12:40:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbvpmui.dll

[2007/04/04 12:39:22 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbvserv.dll

[2007/04/04 12:34:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomm.dll

[2007/04/04 12:32:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbvlmpm.dll

[2007/04/04 12:31:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbviesc.dll

[2007/04/04 12:29:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbvpplc.dll

[2007/04/04 12:28:44 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomc.dll

[2007/04/04 12:28:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbvprox.dll

[2007/04/04 12:22:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbvinpa.dll

[2007/04/04 12:21:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbvusb1.dll

[2007/04/04 12:18:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbvhbn3.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/26 12:51:16 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\dufyvjd.sys

[2010/06/26 12:50:48 | 010,223,616 | -HS- | M] () -- C:\Users\christelle\ntuser.dat

[2010/06/26 12:49:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\christelle\Desktop\OTL.exe

[2010/06/26 12:43:32 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/06/26 12:41:15 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/26 12:41:07 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/26 12:41:07 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/26 12:41:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/26 12:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/26 10:09:09 | 006,206,040 | ---- | M] () -- C:\Users\christelle\Documents\RIMG0226.zip

[2010/06/26 10:07:35 | 006,214,674 | ---- | M] () -- C:\Users\christelle\Documents\RIMG0219.zip

[2010/06/26 01:47:10 | 000,524,288 | -HS- | M] () -- C:\Users\christelle\ntuser.dat{2b29ccfc-f2ec-11de-b8ad-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[2010/06/26 01:47:10 | 000,065,536 | -HS- | M] () -- C:\Users\christelle\ntuser.dat{2b29ccfc-f2ec-11de-b8ad-00038a000015}.TM.blf

[2010/06/25 22:53:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/25 09:08:48 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/25 09:08:48 | 000,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/06/25 09:08:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/25 09:08:48 | 000,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/06/25 09:08:48 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/24 19:10:36 | 001,542,075 | -H-- | M] () -- C:\Users\christelle\AppData\Local\IconCache.db

[2010/06/24 00:23:25 | 000,002,687 | ---- | M] () -- C:\Users\christelle\Desktop\Microsoft Office Word 2007.lnk

[2010/06/21 00:20:20 | 000,064,307 | ---- | M] () -- C:\Users\christelle\Documents\TROP_FORT1.pdf

[2010/06/20 20:40:58 | 000,944,350 | ---- | M] () -- C:\Users\christelle\Documents\quentin.skp

[2010/06/20 20:13:04 | 000,482,513 | ---- | M] () -- C:\Users\christelle\Documents\EDTélèves.zip

[2010/06/20 17:27:31 | 000,058,368 | ---- | M] () -- C:\Users\christelle\Documents\Fiche profs mardi.doc

[2010/06/19 20:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Registry Winner Schedule.job

[2010/06/18 18:14:33 | 000,568,157 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06.zip

[2010/06/18 09:07:02 | 346,173,701 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/06/18 01:09:30 | 000,000,664 | RHS- | M] () -- C:\Users\christelle\ntuser.pol

[2010/06/18 01:06:02 | 000,006,460 | ---- | M] () -- C:\Users\christelle\Documents\élèves inscrits.odt

[2010/06/16 19:19:09 | 004,321,386 | ---- | M] () -- C:\Users\christelle\Documents\Maison Camille.skp

[2010/06/16 15:08:59 | 066,594,580 | ---- | M] () -- C:\Users\christelle\Documents\Maisons Camille et Quentin.skp

[2010/06/14 23:03:37 | 000,060,273 | ---- | M] () -- C:\Users\christelle\Documents\organisationsemainederévision.pdf

[2010/06/14 19:56:16 | 046,778,819 | ---- | M] () -- C:\Users\christelle\Documents\1.skb

[2010/06/14 19:54:37 | 066,614,278 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Maison Camille.skp

[2010/06/13 20:36:32 | 063,450,158 | ---- | M] () -- C:\Users\christelle\Documents\Maison Camille.skb

[2010/06/13 18:07:27 | 000,010,389 | ---- | M] () -- C:\Users\christelle\Documents\ne de révisions Christelle.odt

[2010/06/13 12:04:46 | 031,542,335 | ---- | M] () -- C:\Users\christelle\Documents\0.skb

[2010/06/13 11:58:22 | 032,630,210 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sketchup 4.skp

[2010/06/12 23:40:17 | 027,832,074 | ---- | M] () -- C:\Users\christelle\Documents\Sketchup 4.skp

[2010/06/12 11:50:42 | 000,000,000 | ---- | M] () -- C:\Users\christelle\Desktop\0.skb

[2010/06/12 11:44:58 | 021,145,675 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_2.skp

[2010/06/12 10:47:55 | 006,877,421 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_1.skp

[2010/06/11 23:15:47 | 000,267,656 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06.zip

[2010/06/11 21:17:34 | 055,713,681 | ---- | M] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre.skp

[2010/06/11 19:38:59 | 000,022,016 | ---- | M] () -- C:\Users\christelle\Documents\Akim.doc

[2010/06/10 20:31:49 | 000,387,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/09 10:42:20 | 000,001,498 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

[2010/06/08 18:02:32 | 000,293,385 | ---- | M] () -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed.zip

[2010/06/04 18:20:12 | 000,049,664 | ---- | M] () -- C:\Users\christelle\Documents\AUJOURLEJOUR07.06.doc

[2010/06/04 18:19:41 | 000,493,568 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°104ChallengeDavini.doc

[2010/06/03 22:42:56 | 000,067,584 | ---- | M] () -- C:\Users\christelle\Documents\Fichedevoeux.doc

[2010/06/03 22:42:34 | 000,178,197 | ---- | M] () -- C:\Users\christelle\Documents\Fichedevoeux.pdf

[2010/06/03 21:29:08 | 000,000,214 | ---- | M] () -- C:\Users\christelle\Desktop\Ricochet Infinity.url

[2010/06/03 18:31:41 | 000,863,673 | ---- | M] () -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES.zip

[2010/06/03 18:25:19 | 000,714,752 | ---- | M] () -- C:\Users\christelle\Documents\Etupensidifareunbruttolavoro.pps

[2010/06/01 20:39:20 | 000,081,408 | ---- | M] () -- C:\Users\christelle\Documents\Résultats3°.xls

[2010/05/28 22:09:41 | 000,053,365 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/05/28 22:09:41 | 000,053,365 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/05/27 15:28:55 | 000,495,104 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°99Conférencemaths.doc

[2010/05/27 13:01:32 | 000,494,592 | ---- | M] () -- C:\Users\christelle\Documents\NDSn°98PP5ème.doc

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/26 10:07:59 | 006,206,040 | ---- | C] () -- C:\Users\christelle\Documents\RIMG0226.zip

[2010/06/26 10:06:22 | 006,214,674 | ---- | C] () -- C:\Users\christelle\Documents\RIMG0219.zip

[2010/06/21 00:20:17 | 000,064,307 | ---- | C] () -- C:\Users\christelle\Documents\TROP_FORT1.pdf

[2010/06/20 20:40:57 | 000,944,350 | ---- | C] () -- C:\Users\christelle\Documents\quentin.skp

[2010/06/20 20:12:57 | 000,482,513 | ---- | C] () -- C:\Users\christelle\Documents\EDTélèves.zip

[2010/06/20 17:27:31 | 000,058,368 | ---- | C] () -- C:\Users\christelle\Documents\Fiche profs mardi.doc

[2010/06/18 18:14:19 | 000,568,157 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR21.06.zip

[2010/06/18 01:05:51 | 000,006,460 | ---- | C] () -- C:\Users\christelle\Documents\élèves inscrits.odt

[2010/06/16 15:08:20 | 066,594,580 | ---- | C] () -- C:\Users\christelle\Documents\Maisons Camille et Quentin.skp

[2010/06/14 23:03:35 | 000,060,273 | ---- | C] () -- C:\Users\christelle\Documents\organisationsemainederévision.pdf

[2010/06/14 19:55:53 | 063,450,158 | ---- | C] () -- C:\Users\christelle\Documents\Maison Camille.skb

[2010/06/14 19:55:53 | 046,778,819 | ---- | C] () -- C:\Users\christelle\Documents\1.skb

[2010/06/14 19:54:10 | 066,614,278 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Maison Camille.skp

[2010/06/13 20:35:55 | 004,321,386 | ---- | C] () -- C:\Users\christelle\Documents\Maison Camille.skp

[2010/06/13 18:07:26 | 000,010,389 | ---- | C] () -- C:\Users\christelle\Documents\ne de révisions Christelle.odt

[2010/06/13 12:03:27 | 031,542,335 | ---- | C] () -- C:\Users\christelle\Documents\0.skb

[2010/06/13 11:23:48 | 032,630,210 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sketchup 4.skp

[2010/06/12 23:39:50 | 027,832,074 | ---- | C] () -- C:\Users\christelle\Documents\Sketchup 4.skp

[2010/06/12 11:50:42 | 000,000,000 | ---- | C] () -- C:\Users\christelle\Desktop\0.skb

[2010/06/12 11:19:04 | 021,145,675 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_2.skp

[2010/06/12 10:39:36 | 006,877,421 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre_1.skp

[2010/06/11 23:15:43 | 000,267,656 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR14.06.zip

[2010/06/11 19:38:59 | 000,022,016 | ---- | C] () -- C:\Users\christelle\Documents\Akim.doc

[2010/06/11 17:39:46 | 055,713,681 | ---- | C] () -- C:\Users\christelle\Documents\EnregistrementAuto_Sans titre.skp

[2010/06/09 10:42:20 | 000,001,498 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

[2010/06/08 18:02:27 | 000,293,385 | ---- | C] () -- C:\Users\christelle\Documents\AR-M351U_20100608_133448_Compressed.zip

[2010/06/04 18:20:11 | 000,049,664 | ---- | C] () -- C:\Users\christelle\Documents\AUJOURLEJOUR07.06.doc

[2010/06/04 18:19:35 | 000,493,568 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°104ChallengeDavini.doc

[2010/06/03 22:42:33 | 000,178,197 | ---- | C] () -- C:\Users\christelle\Documents\Fichedevoeux.pdf

[2010/06/03 18:31:30 | 000,863,673 | ---- | C] () -- C:\Users\christelle\Documents\PLANNINGDERESTITUTIONDESMANUELSSCOLAIRES.zip

[2010/06/03 18:25:09 | 000,714,752 | ---- | C] () -- C:\Users\christelle\Documents\Etupensidifareunbruttolavoro.pps

[2010/06/01 20:39:19 | 000,081,408 | ---- | C] () -- C:\Users\christelle\Documents\Résultats3°.xls

[2010/05/27 15:28:49 | 000,495,104 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°99Conférencemaths.doc

[2010/05/27 13:01:26 | 000,494,592 | ---- | C] () -- C:\Users\christelle\Documents\NDSn°98PP5ème.doc

[2010/05/26 19:24:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBVinst.dll

[2010/05/24 19:34:52 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\dufyvjd.sys

[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini

[2009/10/08 01:33:24 | 000,000,021 | ---- | C] () -- C:\Windows\Progs_.ini

[2009/09/24 01:07:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/09 17:15:50 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini

[2009/04/22 22:59:36 | 000,000,004 | ---- | C] () -- C:\Windows\System32\Vbbd.dll

[2009/03/30 13:40:31 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL

[2009/03/18 18:40:12 | 000,000,384 | ---- | C] () -- C:\Windows\disney.ini

[2009/03/08 16:49:06 | 000,000,330 | ---- | C] () -- C:\Windows\Lexstat.ini

[2009/03/05 18:23:35 | 000,027,115 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2009/03/05 18:22:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[2009/03/05 18:22:49 | 000,026,874 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2008/03/28 18:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007/12/29 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

[2007/07/10 17:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2007/04/24 12:47:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbvutil.dll

[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbvcoin.dll

[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI

[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005/10/26 04:12:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbvvs.dll

========== LOP Check ==========

[2010/06/09 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\ArchiFacile

[2010/05/31 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\BitTorrent

[2010/05/16 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Blender Foundation

[2009/06/26 00:31:55 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Canneverbe_Limited

[2009/03/30 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\DeepBurner

[2010/03/02 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\foobar2000

[2009/12/17 22:29:07 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Icones

[2009/09/08 23:49:09 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\IndexEducation

[2009/10/30 16:37:31 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\MagicBall3

[2010/02/18 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\PhotoFiltre

[2010/02/11 20:59:07 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\Pixia

[2009/04/22 21:57:22 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\URSE Games

[2010/05/09 17:00:23 | 000,000,000 | ---D | M] -- C:\Users\christelle\AppData\Roaming\uTorrent

[2010/06/26 13:39:57 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\BitTorrent

[2010/04/13 13:32:14 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\foobar2000

[2010/04/18 11:40:21 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\IndexEducation

[2010/04/10 14:07:01 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\PhotoFiltre

[2010/04/15 00:25:28 | 000,000,000 | ---D | M] -- C:\Users\matthieu\AppData\Roaming\uTorrent

[2010/06/19 20:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job

[2010/06/23 03:16:18 | 000,032,506 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\christelle\clic.avi:TOC.WMV

@Alternate Data Stream - 1225 bytes -> C:\Users\christelle\Documents\défautdelivre.eml:OECustomProperty

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

 

Then Extras.Txt:

 

 

OTL Extras logfile created on: 26/06/2010 12:49:59 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\christelle\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97,66 Gb Total Space | 37,22 Gb Free Space | 38,12% Space Free | Partition Type: NTFS

Drive D: | 200,43 Gb Total Space | 166,84 Gb Free Space | 83,24% Space Free | Partition Type: NTFS

Drive E: | 2,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC-DE-CHRISTELL

Current User Name: christelle

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04AB354C-568B-433A-AC39-38A35D0393A1}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |

"{095C5948-75EA-4125-9A1B-121FFC80933B}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |

"{177C2C21-6C48-4A29-A92C-2E9D8711CA75}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{17E73C74-2EF0-4127-8590-7E55A66F4C26}" = protocol=6 | dir=in | app=d:\jeux\steamapps\common\ricochet lost worlds\ricochet.exe |

"{27C20A0A-86AC-4D18-8C23-612233D489B6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |

"{2BF1B870-A7A6-4B79-97AA-64E11E1A5CB1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{331F0AE4-E29A-42F2-9725-1F097A54551A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1247152857\ee\aolsoftware.exe |

"{397D252E-9738-4E41-9654-7894F130C064}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\ricochet infinity\ricochetinfinity.exe |

"{3A7DC470-934E-4103-9028-1A0E75CD908D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1250697521\ee\aolsoftware.exe |

"{3E230437-E36D-446D-AAC0-0C7E868D53D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1236441032\ee\aolsoftware.exe |

"{4674834F-DC9A-4F15-8D9A-39ECB1EF11DB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1236441032\ee\aolsoftware.exe |

"{47934411-C86E-4AF0-823B-AD928AF6EC5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1253547102\ee\aolsoftware.exe |

"{48400C4B-3920-4027-8406-F9F887BDF24B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1247152857\ee\aolsoftware.exe |

"{4B753CBE-8C5D-418F-A449-C3F99C374367}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |

"{51A42CFD-999C-44DA-9F6E-A93F0510B7A1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |

"{51C59FBC-4F39-474A-874C-0121A98CC09C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |

"{6F614D8A-4E59-4B59-A173-01753B7111DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{70E56CFB-2E9E-4A24-A928-4EA3EE104605}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |

"{7FC960E5-5B8C-4AA9-A184-3D5003B3C1AB}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\ricochet lost worlds\ricochet.exe |

"{82FFC04B-D5D8-4998-B843-E456DED04742}" = protocol=17 | dir=in | app=d:\jeux\steamapps\common\ricochet lost worlds\ricochet.exe |

"{8500AAEE-9A79-4252-ACA9-BAEF0C0E72F3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\ricochet lost worlds\ricochet.exe |

"{8AB9F075-337C-4823-806A-B0076568992C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{8CD6022C-5C03-4F22-8131-FCE68CF9D27C}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |

"{9C864AB1-1D4C-47D9-BEA3-4E171DE17636}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1253547102\ee\aolsoftware.exe |

"{A503FB20-DF7A-4F96-9E25-B63B1856488D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{A5BD2D0B-EC88-4CC0-9B8B-5F66042EDEE6}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |

"{AD78D276-DCC8-40AF-AEDF-0FD790293055}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{BAABBABB-BD8F-4C27-A029-F123797B2CB7}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |

"{C1C37FD2-733C-464C-819C-1953F49C360A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{CFDA0302-2968-4387-98F4-9116D2E0934F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |

"{D05C0DE0-0722-40C7-92AF-F350B6165C91}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |

"{DDA1C03A-CF24-4770-802F-A28789098619}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |

"{E6B33E2C-BA2B-492A-8175-E3EC591B93F3}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\ricochet infinity\ricochetinfinity.exe |

"{EA4B7919-A413-4158-B3FF-22343E33A170}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |

"{EB8451BE-6C9E-4741-90F6-BF7FC3BA94F5}" = protocol=17 | dir=in | app=d:\jeux\steamapps\common\ricochet infinity\ricochetinfinity.exe |

"{F0555552-8202-479C-8FC4-B2DC5D64ED6D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{F59A8CF5-9E96-49D4-8FB1-17A6D1C0784A}" = protocol=6 | dir=in | app=d:\jeux\steamapps\common\ricochet infinity\ricochetinfinity.exe |

"{F5C2CBDE-ED58-4761-BA2D-14E20715F71B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1250697521\ee\aolsoftware.exe |

"TCP Query User{025D6CC5-C7B8-4057-B194-9CA229F4F833}C:\program files\aol 9.0 vr\waol.exe" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |

"TCP Query User{129956D5-7814-439F-91A1-53BF39ECB350}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{1446FBAE-88E8-4C91-95F5-90AF1C2A5AD4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"TCP Query User{1EEDFC8C-5772-4D8D-9059-6D616CABA338}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"TCP Query User{36C248BF-78A9-48A1-9DE5-5B82FB6F1329}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{723D4124-07BC-465A-B176-52E1811B3F75}C:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe" = protocol=6 | dir=in | app=c:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe |

"TCP Query User{89B49252-A931-462B-A2ED-123C358B27EF}D:\program files\utorrent.exe" = protocol=6 | dir=in | app=d:\program files\utorrent.exe |

"TCP Query User{DCC5D5F1-B5EE-447E-8835-3523926650A3}D:\program files\utorrent.exe" = protocol=6 | dir=in | app=d:\program files\utorrent.exe |

"UDP Query User{1DD0B0EA-7F26-4E58-A125-A33E756F7132}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"UDP Query User{35074599-2224-43F1-A037-8E52F661C553}C:\program files\aol 9.0 vr\waol.exe" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |

"UDP Query User{44AF02D8-2251-4A90-A71D-098B8C7AB254}D:\program files\utorrent.exe" = protocol=17 | dir=in | app=d:\program files\utorrent.exe |

"UDP Query User{6FEF8767-9D10-45DF-825C-8D0E122A8E03}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{71EEE631-3F4C-4692-81AA-25C3D0AB35EA}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{C76B3531-07FA-4C5A-A35C-C4576888D48B}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{CC40305A-3928-43AB-A003-E3BD116BA93E}D:\program files\utorrent.exe" = protocol=17 | dir=in | app=d:\program files\utorrent.exe |

"UDP Query User{FDB5C9BB-9779-44FC-B88C-7FC0B140CA65}C:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe" = protocol=17 | dir=in | app=c:\users\christelle\appdata\local\temp\st_ng_setupwizard\stinstall.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2

"{5AD045DF-11AA-473D-B4AA-2A4F0E213047}" = Google SketchUp 7

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_PROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_PROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_PROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3088CD2-612B-11D3-AF43-00C04F443448}" = Microsoft Works 2000

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B213D0D7-7190-4D49-A72C-5DC57CA70D69}" = INDEX EDUCATION - Client PRONOTE 2009

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Audacity_is1" = Audacity 1.2.6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Blender" = Blender (remove only)

"CCleaner" = CCleaner (remove only)

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"eMule" = eMule

"foobar2000" = foobar2000 v0.9.6.3

"Google Updater" = Outil de mise à jour Google

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme

"jZip" = jZip

"Lexmark 2200 Series" = Lexmark 2200 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Patch Darluok2.4.2" = Patch Darluok

"Picasa 3" = Picasa 3

"Programme de désinstallation AOL" = AOL - Assistant de désinstallation

"PROR" = Microsoft Office Professional 2007

"Satsuki Decoder Pack" = Satsuki Decoder Pack 4000

"Steam App 7400" = Ricochet: Lost Worlds

"Steam App 7450" = Ricochet Infinity

"SystemRequirementsLab" = System Requirements Lab

"Uninstall_is1" = Uninstall 1.0.0.0

"ViewpointMediaPlayer" = Viewpoint Media Player

"WalterShop" = WalterShop

"WinRAR archiver" = WinRAR archiver

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3384554939-569170500-819879126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"7000d0b67f2f1c34" = PackBarre

"PhotoFiltre" = PhotoFiltre

"Pixia 4.3a FR" = Pixia 4.3a FR

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21/06/2010 11:48:54 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

Error - 22/06/2010 08:36:55 | Computer Name = PC-de-christell | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp

0x4bdfa327, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed,

exception code 0xc0000005, fault offset 0x0015843d, process id 0x1200,

application start time 0x01cb11f6adb2b20d.

 

Error - 22/06/2010 21:18:59 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

Error - 23/06/2010 00:41:33 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

Error - 23/06/2010 13:09:44 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

Error - 23/06/2010 13:47:17 | Computer Name = PC-de-christell | Source = WinDefendRtp | ID = 3003

Description = Real-time protection checkpoint %%827 encountered an error

and failed to start. User: PC-de-christell\christelle Agent:

57 Error code: 0x80070005 Error description: Access denied.

 

Error - 24/06/2010 13:12:12 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

Error - 24/06/2010 14:53:42 | Computer Name = PC-de-christell | Source = Application Hang | ID = 1002

Description = The program Steam.exe version 1.0.843.387 stopped interacting with

Windows and was closed. To see if more information about the problem is

available, check the problem history in the Problem Reports and

Solutions control panel. Process ID: 1490 Start

time: 01cb13ce748435e0 Termination time: 11

 

Error - 25/06/2010 17:08:10 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

Error - 26/06/2010 06:41:25 | Computer Name = PC-de-christell | Source = WinMgmt | ID = 10

Description =

 

[ OSession Events ]

Error - 15/05/2009 10:48:49 | Computer Name = PC-de-christell | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 343450

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 03/09/2009 11:49:46 | Computer Name = PC-de-christell | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 25/06/2010 17:04:23 | Computer Name = PC-de-christell | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

 

Error - 25/06/2010 17:08:10 | Computer Name = PC-de-christell | Source = Service Control Manager | ID = 7000

Description =

 

Error - 26/06/2010 04:08:54 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 04:39:01 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 04:48:19 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 05:17:35 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 05:18:08 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 05:36:39 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 06:17:31 | Computer Name = PC-de-christell | Source = DCOM | ID = 10016

Description =

 

Error - 26/06/2010 06:41:25 | Computer Name = PC-de-christell | Source = Service Control Manager | ID = 7000

Description =

 

 

< End of report >

Posted

Hi,

 

Run OTL.exe again.

 

  • Copy and paste the following code into the Personnalisation (Custom Scans/Fixes) box
     

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-3384554939-569170500-819879126-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    @Alternate Data Stream - 64 bytes -> C:\Users\christelle\clic.avi:TOC.WMV
    @Alternate Data Stream - 1225 bytes -> C:\Users\christelle\Documents\défautdelivre.eml:OECustomProperty
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    :files
    C:\Windows\System32\drivers\dufyvjd.sys
     
    :commands
    [EmptyTemp]
    [EmptyFlash]
    [Purity]
    [CREATERESTOREPOINT]
    [ResetHosts]
    [Reboot]
  • Then click Correction (Run Fix) and wait while the tool works.
  • Copy and paste the contents of the report that opens (C:\_OTL\MovedFiles) into your next reply.

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation.
  • On the "Update" tab, click "Check for Updates"; if the firewall asks whether MBAM may connect, allow it.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts; it is fairly long, which is normal.
  • At the end of the scan a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will delete the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad with the scan report in it. Copy and paste that report into your next reply.

Posted (edited)

Here is the report; I am sending it before rebooting the computer. I will run another scan to see whether the items have been removed or not, because I had already tried to remove them with Malwarebytes and it did not work.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4243

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

26/06/2010 18:18:15

mbam-log-2010-06-26 (18-18-15).txt

 

Scan type: Quick scan

Objects scanned: 134462

Time elapsed: 3 minute(s), 41 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Winsudate (Adware.[edited]) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Windows\system32\Drivers\dufyvjd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

 

After rebooting the machine, the rootkit still is not removed, even though the removal was reported as successful:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4243

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

27/06/2010 00:36:34

mbam-log-2010-06-27 (00-36-34).txt

 

Scan type: Quick scan

Objects scanned: 134761

Time elapsed: 3 minute(s), 25 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Windows\system32\Drivers\dufyvjd.sys (Rootkit.Agent) -> No action taken.

Edited by Yann
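A check worth running at this point, given that MBAM reports the driver as "Quarantined and deleted successfully" and the same file is back after the reboot. The PowerShell script below is an added example, not something posted in this thread and not part of MBAM or OTL; it assumes Windows PowerShell 4.0 or later in an elevated prompt, and the only thing taken from the logs above is the driver path. It looks at the four places a kernel driver can survive or hide a plain file deletion: the file on disk, the service key that reloads it at boot, the list of drivers currently loaded, and the delete-on-reboot queue that OTL's "scheduled to be moved on reboot" relies on.

```powershell
# Added example (not from the thread): triage a kernel driver file that comes back
# after an on-disk "delete". Assumes Windows PowerShell 4.0+ (Get-FileHash,
# Get-CimInstance) in an elevated prompt. Only the path is taken from the logs.
param([string]$DriverPath = 'C:\Windows\System32\drivers\dufyvjd.sys')

$driverName = [System.IO.Path]::GetFileNameWithoutExtension($DriverPath)
$pattern    = [regex]::Escape("$driverName.sys")

# 1. On-disk view. -Force also shows hidden/system files.
if (Test-Path -LiteralPath $DriverPath) {
    $file = Get-Item -LiteralPath $DriverPath -Force
    "[file]    present, $($file.Length) bytes, created $($file.CreationTimeUtc), written $($file.LastWriteTimeUtc)"
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath
    "[file]    signature: $($sig.Status) $($sig.SignerCertificate.Subject)"
    "[file]    sha256: $((Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash)"
} else {
    "[file]    not visible on disk (a loaded rootkit driver can filter this view)"
}

# 2. Service registration. A driver is reloaded at boot only while a service key
#    under CurrentControlSet\Services points at it. Type 1 = kernel driver,
#    Start 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $imagePath = $_.GetValue('ImagePath')
        if ($imagePath -and $imagePath -match $pattern) {
            "[service] $($_.PSChildName) ImagePath=$imagePath Type=$($_.GetValue('Type')) Start=$($_.GetValue('Start'))"
        }
    }

# 3. In-memory view: is the driver loaded right now?
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object { "[loaded]  $($_.Name) state=$($_.State) startmode=$($_.StartMode) path=$($_.PathName)" }

# 4. Delete-on-reboot queue. OTL's "scheduled to be moved on reboot" is a
#    MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) entry stored here; smss.exe replays
#    it early in the next boot, which only helps if the driver is not reinstalled first.
$sessionManager = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
@($sessionManager.PendingFileRenameOperations) |
    Where-Object { $_ -match $pattern } |
    ForEach-Object { "[pending] $_" }
```

If step 3 lists the driver while step 1 says it is not on disk, the file-system view is being filtered by the driver itself, and deleting the file from the running system will keep "succeeding" without effect. The service key has to go first (which is what the helper's later :services / :reg block does for WinSvc), and the file is best removed from an offline boot such as WinRE. That is also why a GMER rootkit scan, which looks for hidden files, services and hooks, is the next thing asked for in this thread.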
Posted

Is this what I am supposed to copy and paste? Actually, at the end OTL told me I had to reboot the computer to finish the process, but no window opened.

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_USERS\S-1-5-21-3384554939-569170500-819879126-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Unable to delete ADS C:\Users\christelle\clic.avi:TOC.WMV .

ADS C:\Users\christelle\Documents\défautdelivre.eml:OECustomProperty deleted successfully.

Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .

========== FILES ==========

File move failed. C:\Windows\System32\drivers\dufyvjd.sys scheduled to be moved on reboot.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: christelle

->Temp folder emptied: 186083 bytes

->Temporary Internet Files folder emptied: 70741757 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 2639 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: matthieu

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2005701 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 70,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: christelle

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: matthieu

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.7.0 log created on 06272010_120854

 

Files\Folders moved on Reboot...

File\Folder C:\Windows\System32\drivers\dufyvjd.sys not found!

 

Registry entries deleted on Reboot...

Posted

Hi,

 

Yes, that's it.

 

Back up your Registry: Registry backup

 

Run OTL.exe again.

  • Copy and paste the following code into the Customization window

    :files
    C:\Program Files\Winsudate
    @C:\Users\christelle\clic.avi:TOC.WMV
    @C:\ProgramData\TEMP:DFC5A2B2
     
    :services
    WinSvc
     
    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSvc]
     
    :commands
    [EmptyTemp]
    [EmptyFlash]
    [Purity]
    [CREATERESTOREPOINT]
    [ResetHosts]
    [Reboot]
  • Then click Run Fix and wait while the tool works.
  • Copy and paste the contents of the report that opens (C:\_OTL\MovedFiles) in your next reply.

 

 

Download gmer to your Desktop and unzip it (right-click, Extract here).

  • Double-click gmer.exe on the Desktop. If your antivirus reacts, don't worry and ignore the alert.
  • Click the "rootkit" tab, then tick Sections and Files
  • Click scan.
  • When the scan finishes, click the copy button.
  • Open Notepad and press CTRL+V to paste the report. Save it.
  • Post this report in your next reply.

Posted

Here it is for OTL:

 

All processes killed

========== FILES ==========

File\Folder C:\Program Files\Winsudate not found.

Unable to delete ADS C:\Users\christelle\clic.avi:TOC.WMV .

Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .

========== SERVICES/DRIVERS ==========

Service WinSvc stopped successfully!

Service WinSvc deleted successfully!

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSvc\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: christelle

->Temp folder emptied: 41561 bytes

->Temporary Internet Files folder emptied: 58054464 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 3474 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: matthieu

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1228940 bytes

RecycleBin emptied: 1120523798 bytes

 

Total Files Cleaned = 1 125,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: christelle

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: matthieu

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

And here it is for GMER:

 

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-27 22:03:25

Windows 6.0.6002 Service Pack 2

Running: gmer.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgnoipoc.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 221 820E1984 4 Bytes [6C, BA, AF, 9B]

.text ntkrnlpa.exe!KeSetEvent + 3F1 820E1B54 4 Bytes [58, BA, AF, 9B]

.text ntkrnlpa.exe!KeSetEvent + 40D 820E1B70 4 Bytes [5D, BA, AF, 9B]

.text ntkrnlpa.exe!KeSetEvent + 621 820E1D84 4 Bytes [67, BA, AF, 9B]

? System32\Drivers\dufyvjd.sys Un périphérique attaché au système ne fonctionne pas correctement. !

 

---- EOF - GMER 1.0.15 ----

Posted (edited)

Re,

 

Go to Device Manager and check whether there is a yellow triangle anywhere. If so, reinstall the driver and reboot.

 

Download HijackThis to your Desktop

  • In the HijackThis window, click the Config button on the right
  • Click the Misc Tools button
  • Click the ADS Spy button
  • In the new window, click the Scan button
  • If ADS files are found, they will be shown in the list
  • To delete a file, tick the file(s) and then click the Remove selected button

Run OTL again and copy-paste the report.

 

Where do you stand with the initial problems?

Edited by no.ppp
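Both the OTL script above (the `@path:stream` lines that twice came back "Unable to delete ADS") and the HijackThis ADS Spy step deal with NTFS alternate data streams. The following PowerShell is an added example, not from the thread or from either tool: it enumerates the streams attached to the paths named in the log, flags the ones Windows does not normally write, and removes a chosen stream with a preview. It assumes PowerShell 3.0 or later for the `-Stream` parameter; whether `-Stream` works on a directory (the `C:\ProgramData\TEMP` case) depends on the PowerShell version, so that is an assumption too, and the target list is constructed from the log.

```powershell
# Added example, not from the thread: audit NTFS alternate data streams (ADS) such
# as clic.avi:TOC.WMV and TEMP:DFC5A2B2, then remove chosen ones with a preview.
# Assumes PowerShell 3.0+ (-Stream parameter); ADS on directories needs a newer
# version, so failures there are skipped rather than fatal. Paths are constructed.

function Get-AdsReport {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [switch] $Recurse
    )
    # Streams Windows itself writes (Mark-of-the-Web, Windows Mail/OE properties,
    # .url favicons); they are listed but not flagged.
    $benign = @('Zone.Identifier', 'OECustomProperty', 'favicon')
    $items = foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $item = Get-Item -LiteralPath $p -Force
        $item
        if ($Recurse -and $item.PSIsContainer) {
            Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue
        }
    }
    foreach ($item in $items) {
        # Get-Item -Stream * lists every stream; ':$DATA' is the main content, not an ADS.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    File       = $item.FullName
                    Stream     = $_.Stream
                    Bytes      = $_.Length
                    Suspicious = ($benign -notcontains $_.Stream)
                }
            }
    }
}

function Remove-Ads {
    # Deletes one named stream only; the host file keeps its main content.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $File, [Parameter(Mandatory)] [string] $Stream)
    if ($PSCmdlet.ShouldProcess("${File}:$Stream", 'Remove alternate data stream')) {
        Remove-Item -LiteralPath $File -Stream $Stream -ErrorAction Stop
    }
}

# Paths taken from the thread's OTL log (constructed target list for the example).
$targets = 'C:\Users\christelle\clic.avi', 'C:\ProgramData\TEMP', 'C:\Users\christelle\Documents'
$report = Get-AdsReport -Path $targets -Recurse
$report | Format-Table -AutoSize
# Preview removals first (-WhatIf); drop -WhatIf once the list has been reviewed.
$report | Where-Object Suspicious | ForEach-Object { Remove-Ads -File $_.File -Stream $_.Stream -WhatIf }
```

A stream that still cannot be removed this way is usually held open by a running process or protected by a driver, which is the same situation the GMER result above points at; the file list is still useful as a record of what was on disk before the driver is dealt with.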
