Posted (edited)

Good evening,

I need help.

Every time I run a quick scan, Malwarebytes finds two PUP.Dealio items.

I don't know how to remove this from my PC.

Here is the report:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 5647

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

01/02/2011 18:35:30

mbam-log-2011-02-01 (18-35-30).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 154390

Temps écoulé: 5 minute(s), 5 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Thanks in advance for your help.

Edited by mananou

Posted

Good evening

Do this so we can see more, then.

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it

/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Customization):

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

vstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Click the "Analyse" (Scan) icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).

* Copy and paste the report(s) into your reply, please...

* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Put the report here, since it takes up a lot of space.

Cijoint.fr - Free file hosting service

Posted

I have just done what you wrote. Here are the two reports.

 

OTL logfile created on: 01/02/2011 20:49:21 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = D:\Downloads

Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 30,00 Gb Total Space | 1,05 Gb Free Space | 3,51% Space Free | Partition Type: NTFS

Drive D: | 66,73 Gb Total Space | 65,13 Gb Free Space | 97,61% Space Free | Partition Type: NTFS

 

Computer Name: PC-MANOUNA | User Name: manouna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - D:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)

PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)

PRC - C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)

PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

PRC - C:\Windows\System32\TpShocks.exe (Lenovo.)

PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)

PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo)

PRC - C:\Program Files\Apoint2K\ApRunSvc.exe ()

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe ()

PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Windows\vsnp2uvc.exe (Sonix)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)

 

 

========== Modules (SafeList) ==========

 

MOD - D:\Downloads\OTL.exe (OldTimer Tools)

MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (SUService) -- c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)

SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)

SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)

SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo)

SRV - (ApRunSvc) -- C:\Program Files\Apoint2K\ApRunSvc.exe ()

SRV - (TPHKSVC) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe ()

SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo)

DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS ()

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)

DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (TPM) Module de plateforme sécurisée (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (NETw4v32) Pilote de carte Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()

DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI)

DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI)

DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)

DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Lenovo | MSN.fr

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Lenovo | MSN.fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo - Welcome - Country selection [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.univ-orleans.fr/proxy/nomade-scd.pac

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/13 23:35:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/25 16:18:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 16:03:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/25 12:56:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/04/23 21:31:16 | 000,000,000 | ---D | M]

 

[2009/08/09 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2009/02/05 19:09:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

[2007/03/27 10:50:58 | 001,093,632 | ---- | M] (UNISYS France) -- C:\Program Files\mozilla firefox\plugins\npornap.dll

[2010/01/14 20:29:47 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/01/14 20:29:47 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/08/20 15:11:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2010/01/14 20:29:47 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2010/01/14 20:29:48 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/01/14 20:29:48 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: File not found

O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)

O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)

O4 - HKLM..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PWMTRV] File not found

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)

O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TPFNF7] File not found

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\memouna\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\memouna\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1459519f-0b3d-11df-a165-001e37da2aae}\Shell - "" = AutoRun

O33 - MountPoints2\{1459519f-0b3d-11df-a165-001e37da2aae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}\Shell - "" = AutoRun

O33 - MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN

O33 - MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}\Shell\configure\command - "" = G:\SETUP.EXE

O33 - MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}\Shell\install\command - "" = G:\SETUP.EXE

O33 - MountPoints2\{78c0303e-0ff1-11df-bf16-001e37da2aae}\Shell\AutoRun\command - "" = xmor.exe

O33 - MountPoints2\{78c0303e-0ff1-11df-bf16-001e37da2aae}\Shell\open\Command - "" = xmor.exe

O33 - MountPoints2\{e39ab89f-160b-11de-b175-001e37da2aae}\Shell\AutoRun\command - "" = hm1bfpuj.exe

O33 - MountPoints2\{e39ab89f-160b-11de-b175-001e37da2aae}\Shell\open\Command - "" = hm1bfpuj.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/31 11:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/01/31 11:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/31 11:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/31 11:26:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/01/31 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/01/23 12:57:35 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Temp

[2011/01/12 08:16:18 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2011/01/12 08:16:11 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[2008/08/11 22:45:13 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2008/08/11 22:45:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/01 20:32:09 | 000,234,889 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/02/01 20:32:04 | 000,234,889 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/02/01 20:31:53 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI

[2011/02/01 20:31:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/01 20:31:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/01 20:31:37 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI

[2011/02/01 20:31:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/01 19:14:55 | 000,002,717 | ---- | M] () -- C:\Users\Public\Documents\AcVistaWlAutoconfig.html

[2011/01/31 11:27:03 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/13 22:40:03 | 000,723,018 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/01/13 22:40:03 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/01/13 22:40:03 | 000,146,612 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/01/13 22:40:03 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

 

========== Files Created - No Company Name ==========

 

[2011/01/31 11:27:03 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/31 10:59:16 | 000,002,717 | ---- | C] () -- C:\Users\Public\Documents\AcVistaWlAutoconfig.html

[2010/06/20 14:50:58 | 000,004,986 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

[2010/06/02 17:35:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2010/03/10 14:01:31 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009/04/04 11:00:21 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2009/01/28 13:01:30 | 000,000,501 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/01/28 12:52:19 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008/08/12 20:58:03 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2008/08/12 20:35:51 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2008/08/12 20:35:49 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/08/12 20:35:49 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008/08/12 20:35:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/08/12 20:35:47 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2008/08/12 01:36:23 | 000,234,889 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/08/12 01:36:20 | 000,234,889 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/08/11 23:09:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008/08/11 23:09:11 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008/08/11 23:09:11 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008/08/11 23:09:11 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008/08/11 23:09:11 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008/08/11 23:09:11 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008/08/11 23:06:45 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2008/08/11 23:06:45 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2008/08/11 23:00:35 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2008/08/11 22:45:15 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2008/08/11 22:45:14 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2008/08/11 22:41:05 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS

[2008/01/04 14:13:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL

[2007/11/19 13:55:18 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2007/08/03 14:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2007/07/27 07:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI

[2007/07/27 07:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI

[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008/01/21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2007/09/29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Lenovo\System Update\session\7tim04ww\iastor.sys

[2007/09/29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys

[2007/09/29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

[2007/02/12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys

[2007/02/12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys

[2007/02/12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys

 

< MD5 for: IASTORV.SYS >

[2008/01/21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2008/01/21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008/01/21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008/01/21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2008/01/21 03:25:06 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2008/01/21 03:25:02 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >

 

 

 

OTL Extras logfile created on: 01/02/2011 20:49:21 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = D:\Downloads

Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 30,00 Gb Total Space | 1,05 Gb Free Space | 3,51% Space Free | Partition Type: NTFS

Drive D: | 66,73 Gb Total Space | 65,13 Gb Free Space | 97,61% Space Free | Partition Type: NTFS

 

Computer Name: PC-MANOUNA | User Name: manouna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0031D6FE-0342-4C8B-B20A-5565EF6C20E9}" = rport=445 | protocol=6 | dir=out | app=system |

"{106684DA-A630-49C9-8832-4CFC97C79FF0}" = rport=139 | protocol=6 | dir=out | app=system |

"{116EE13A-BC25-4FBC-8067-DD4775B446C1}" = rport=137 | protocol=17 | dir=out | app=system |

"{33461659-2196-4B3F-A800-40450FB3FC2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5D1CB923-9E03-4E7B-A25A-D6996413AD94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6B245EFA-BEDA-4E2F-8931-B3C77C0C230E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{717DCCA4-4B36-4273-80B4-5AB9969B15F3}" = lport=137 | protocol=17 | dir=in | app=system |

"{960DFADC-C358-4173-9948-EEECA7CD2631}" = lport=445 | protocol=6 | dir=in | app=system |

"{9CA6C0AD-1659-438A-B771-5429D4CF83CA}" = lport=139 | protocol=6 | dir=in | app=system |

"{DC52AFB9-8E48-48B5-8E14-35CCA0560625}" = lport=138 | protocol=17 | dir=in | app=system |

"{E8F1393D-2B39-4BF9-B5CD-4418806FE34C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F6030A8F-B51C-441B-97D0-AEFB7281B45C}" = rport=138 | protocol=17 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2FFED454-C466-4AC9-BB41-9B133861526A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{3FB90A97-9A50-411B-BB3E-DBAB9E0B74AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{42E6EDD5-3AE6-414A-8BFC-B6DFE58C12A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{71AF7A5B-F2B7-4AB0-905C-3FE1D79F7278}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{814B533A-53AC-4867-82AB-B8B6D9CF2A8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8AA63101-2EC2-49C7-B686-5EDDEA5371C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D39654E9-2D02-433A-877B-B8D39F2205DC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{D5CB214A-E221-4C49-88AF-95AC416A00AF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"TCP Query User{0B701C2C-7ACB-4F61-B1C7-96FDD236A04A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{32E7D305-7084-4CEE-A999-0FDE5C0E6DEB}C:\program files\easyphp 3.0\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\easyphp 3.0\mysql\bin\mysqld.exe |

"UDP Query User{051150EF-0607-46E3-AE9B-60950F3EDA81}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{9DA85639-841F-4A10-8B18-B260D9E95A29}C:\program files\easyphp 3.0\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\easyphp 3.0\mysql\bin\mysqld.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = Utilitaire ThinkPad EasyEject

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}" = Orange Plug-in messagerie vocale 888

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Utilitaire ThinkPad UltraNav

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Utilitaire de personnalisation du clavier ThinkPad

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{230B83A5-7D88-4B95-B71E-F44C0C78B002}" = Windows Live Movie Maker

"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57

"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = Système de protection active ThinkVantage

"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Gestionnaire de présentation

"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{92AD5564-AFE0-4CED-B7D1-370896752872}" = ThinkPad Mobility Center Customization

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver

"{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A122962F-331A-4C2E-93DB-AD92D8A4FB14}" = OpenOffice.org 2.4

"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio

"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new

"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access - Aide

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2

"{D728E945-256D-4477-B377-6BBA693714AC}" = Supplément à Productivity Center pour ThinkPad

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Gestionnaire d'alimentation ThinkPad

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug

"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant

"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)

"1B609D7E6D10BAF8F2B5CB6A0A89867EF7F61A3E" = Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)

"2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

"33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)

"38884E3EBEF76FE8FCF8DF8349FE73E84B85632C" = Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)

"38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

"4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)

"530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)

"5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)

"67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)

"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)

"787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AwayTask" = Maintenance Manager

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem

"CutePDF Writer Installation" = CutePDF Writer 2.7

"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

"E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)

"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)

"FileZilla Client" = FileZilla Client 3.1.1.1

"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)

"Lenovo Registration" = Lenovo Registration

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)

"Notepad++" = Notepad++

"NVIDIA Drivers" = NVIDIA Drivers

"OnScreenDisplay" = Incrustation

"PC-Doctor 5 for Windows" = PC-Doctor 5 pour Windows

"Picasa2" = Picasa 2

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Logiciel Intel® PROSet/Wireless

"PROSet" = Intel® PRO Network Connections Drivers

"RealPlayer 6.0" = RealPlayer

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

"VLC media player" = VideoLAN VLC media player 0.8.6i

"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software

"WinGimp-2.0_is1" = GIMP 2.4.6

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Logiciel d'archivage WinRAR

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 13:23:38 | Computer Name = PC-manouna | Source = Windows Search Service | ID = 3013

Description =

 

Error - 01/02/2011 15:32:58 | Computer Name = PC-manouna | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 01/02/2011 07:21:46 | Computer Name = PC-manouna | Source = HTTP | ID = 15016

Description =

 

Error - 01/02/2011 07:22:12 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7000

Description =

 

Error - 01/02/2011 07:23:38 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7011

Description =

 

Error - 01/02/2011 13:21:39 | Computer Name = PC-manouna | Source = HTTP | ID = 15016

Description =

 

Error - 01/02/2011 13:22:09 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7000

Description =

 

Error - 01/02/2011 13:23:33 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7011

Description =

 

Error - 01/02/2011 15:31:35 | Computer Name = PC-manouna | Source = HTTP | ID = 15016

Description =

 

Error - 01/02/2011 15:32:59 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7000

Description =

 

Error - 01/02/2011 15:33:29 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7011

Description =

 

Error - 01/02/2011 15:34:14 | Computer Name = PC-manouna | Source = Service Control Manager | ID = 7011

Description =

 

 

< End of report >

Posted (edited)

Hello

OK, several things to resolve, so please do the following in this order

1-* Double-click the OTL icon to launch it

/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator" ("Exécuter en tant qu'administrateur")

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" ("Rapport") section (top right) the "Minimal report" ("Rapport minimal") box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization" ("Personnalisation")

:OTL

PRC - C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)

IE - HKCU\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.

O4 - HKLM\..\Run: [] File not found

O4 - HKLM\..\Run: File not found

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)

O4 - HKLM\..\Run: [TPFNF7] File not found

:Files

C:\Program Files\Search Settings

:Commands

[emptytemp]

 

* Click the Correction icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan a report will open: "OTL.Txt"

* Copy and paste the report(s) into your reply please...

* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Put the report here, as it takes up a lot of space.

Cijoint.fr - free file hosting service

 

 

 

2-Disable your antivirus before the scan, as it blocks the disinfection

Download USBFix from this link: <<HERE>>

Double-click "UsbFix.exe" on your desktop.

Installation is automatic.

Plug in your external drives

Select Suppression (Deletion)

Once the scan is finished, a scan report is offered to you...

Then this, to update your version of Java.

** Download JavaRA

**Help in pictures

For Vista: right-click setup and choose "Exécuter en tant qu'administrateur" (Run as administrator).

Edited by bernard53
Posted (edited)

Hello,

So for part 1, here is the report

 

All processes killed

========== OTL ==========

No active process named SearchSettings.exe was found!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\ not found.

Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run\ not found.

Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.

C:\Program Files\Search Settings\SearchSettings.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.

========== FILES ==========

C:\Program Files\Search Settings\kb127\temp folder moved successfully.

C:\Program Files\Search Settings\kb127\res folder moved successfully.

C:\Program Files\Search Settings\kb127 folder moved successfully.

C:\Program Files\Search Settings folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

 

User: All Users

 

User: Default

 

User: Default User

 

User: manouna

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 40036002 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 591193 bytes

 

Total Files Cleaned = 39,00 mb

 

 

OTL by OldTimer - Version 3.2.20.6 log created on 02022011_155319

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Edited by mananou
Posted

The report for part 2:

 

############################## | UsbFix 7.038 | [Recherche]

 

Utilisateur: manouna (Administrateur) # PC-MANOUNA [LENOVO 8927A59]

Mis à jour le 14/01/2011 par El Desaparecido / C_XX

Lancé à 16:08:56 | 02/02/2011

Site Web: TeamXscript : AD-Remover - FindyKill - UsbFix

Contact: eldesaparecido@teamxscript.org

 

CPU: Intel® Pentium® Dual CPU T2390 @ 1.86GHz

CPU 2: Intel® Pentium® Dual CPU T2390 @ 1.86GHz

Microsoft® Windows Vista Professionnel (6.0.6001 32-Bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

 

Pare-feu Windows: Activé

RAM -> 2046 Mo

C:\ (%systemdrive%) -> Disque fixe # 30 Go (1 Go libre(s) - 4%) [système] # NTFS

D:\ -> Disque fixe # 67 Go (65 Go libre(s) - 98%) [Données] # NTFS

E:\ -> CD-ROM

G:\ -> CD-ROM

I:\ -> Disque amovible # 967 Mo (890 Mo libre(s) - 92%) [MANOUNA] # FAT

 

################## | Éléments infectieux |

 

 

 

################## | Registre |

 

Présent! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{1459519f-0b3d-11df-a165-001e37da2aae}

Shell\AutoRun\Command = F:\LaunchU3.exe -a

 

HKCU\.\.\.\.\Explorer\MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}

Shell\AutoRun\Command = G:\SETUP.EXE /AUTORUN

Shell\configure\Command = G:\SETUP.EXE

Shell\install\Command = G:\SETUP.EXE

 

HKCU\.\.\.\.\Explorer\MountPoints2\{78c0303e-0ff1-11df-bf16-001e37da2aae}

Shell\AutoRun\Command = xmor.exe

Shell\open\Command = xmor.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{e39ab89f-160b-11de-b175-001e37da2aae}

Shell\AutoRun\Command = hm1bfpuj.exe

Shell\open\Command = hm1bfpuj.exe

 

 

################## | Vaccin |

 

(!) Cet ordinateur n'est pas vacciné!

 

################## | E.O.F |

Posted

OK, USBFIX did find suspicious lines as I thought, so please do this

Run USBFIX again

Plug in your external drives

Select Suppression (Deletion)

Once the scan is finished, a scan report is offered to you...

Quote

CTRL+A to select all

CTRL+C to copy

CTRL+V to paste into the reply
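
For readers who want to triage the Mountpoints2 section of a UsbFix [Recherche] report such as the one posted above, here is an added example; it is not part of the original thread and not UsbFix's own code. The rule it applies (an AutoRun or open command without a drive-qualified path deserves review) is a heuristic assumed here, not UsbFix's detection logic.

```python
import re

# Input: the "Mountpoints2" section of the [Recherche] report on this page
# (blank lines dropped), framed by its neighbouring section headers.
REPORT = r"""
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{1459519f-0b3d-11df-a165-001e37da2aae}
Shell\AutoRun\Command = F:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}
Shell\AutoRun\Command = G:\SETUP.EXE /AUTORUN
Shell\configure\Command = G:\SETUP.EXE
Shell\install\Command = G:\SETUP.EXE
HKCU\.\.\.\.\Explorer\MountPoints2\{78c0303e-0ff1-11df-bf16-001e37da2aae}
Shell\AutoRun\Command = xmor.exe
Shell\open\Command = xmor.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{e39ab89f-160b-11de-b175-001e37da2aae}
Shell\AutoRun\Command = hm1bfpuj.exe
Shell\open\Command = hm1bfpuj.exe
################## | Vaccin |
"""

KEY_RE = re.compile(r"MountPoints2\\(\{[0-9a-fA-F-]{36}\})$")
CMD_RE = re.compile(r"^Shell\\([^\\]+)\\Command\s*=\s*(.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')  # drive-qualified path, optionally quoted

def parse_mountpoints(report):
    """Return {volume GUID: {shell verb: command}} for the Mountpoints2 section."""
    entries, guid, in_section = {}, None, False
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("####"):  # any section header resets state
            in_section, guid = "Mountpoints2" in line, None
        elif in_section and (m := KEY_RE.search(line)):
            guid = m.group(1)
            entries[guid] = {}
        elif in_section and guid and (m := CMD_RE.match(line)):
            entries[guid][m.group(1).lower()] = m.group(2).strip()
    return entries

def triage(entries):
    """Assumed heuristic: flag commands that are not drive-qualified paths."""
    return [(guid, verb, cmd)
            for guid, verbs in entries.items()
            for verb, cmd in verbs.items()
            if not ABS_PATH_RE.match(cmd)]

if __name__ == "__main__":
    for guid, verb, cmd in triage(parse_mountpoints(REPORT)):
        print(f"review {guid}: Shell\\{verb}\\Command = {cmd}")
```
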

Posted

Hello,

Here is the report:

 

############################## | UsbFix 7.038 | [suppression]

 

Utilisateur: manouna (Administrateur) # PC-MANOUNA [LENOVO 8927A59]

Mis à jour le 14/01/2011 par El Desaparecido / C_XX

Lancé à 11:33:36 | 03/02/2011

Site Web: TeamXscript : AD-Remover - FindyKill - UsbFix

Contact: eldesaparecido@teamxscript.org

 

CPU: Intel® Pentium® Dual CPU T2390 @ 1.86GHz

CPU 2: Intel® Pentium® Dual CPU T2390 @ 1.86GHz

Microsoft® Windows Vista Professionnel (6.0.6001 32-Bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

 

Pare-feu Windows: Activé

RAM -> 2046 Mo

C:\ (%systemdrive%) -> Disque fixe # 30 Go (1 Go libre(s) - 4%) [système] # NTFS

D:\ -> Disque fixe # 67 Go (65 Go libre(s) - 98%) [Données] # NTFS

E:\ -> CD-ROM

G:\ -> CD-ROM

I:\ -> Disque amovible # 967 Mo (890 Mo libre(s) - 92%) [MANOUNA] # FAT

 

################## | Éléments infectieux |

 

 

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1002

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1003

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1004

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1005

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1006

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1007

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1008

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1009

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1010

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1011

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1012

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1013

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-500

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1005

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1006

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1007

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1008

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1009

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1010

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1011

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1012

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-1013

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3687312281-1749664057-3574801715-500

 

################## | Registre |

 

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

 

################## | Mountpoints2 |

 

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1459519f-0b3d-11df-a165-001e37da2aae}

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3d2f5b4d-ed32-11dd-a08d-001e37da2aae}

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{78c0303e-0ff1-11df-bf16-001e37da2aae}

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{e39ab89f-160b-11de-b175-001e37da2aae}

 

################## | Listing |

 

[03/02/2011 - 11:34:05 | SHD ] C:\$Recycle.Bin

[29/12/2010 - 19:21:46 | D ] C:\A

[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat

[11/08/2008 - 22:19:21 | D ] C:\Boot

[21/01/2008 - 03:25:06 | RASH | 333203] C:\bootmgr

[05/02/2008 - 21:53:28 | N | 8192] C:\BOOTSECT.BAK

[18/09/2006 - 22:43:37 | N | 10] C:\config.sys

[02/11/2006 - 14:02:24 | SHD ] C:\Documents and Settings

[11/08/2008 - 23:18:46 | D ] C:\DRIVERS

[11/08/2008 - 22:58:56 | D ] C:\Icons

[02/02/2011 - 16:38:14 | N | 129] C:\JavaRa.log

[03/02/2011 - 11:21:14 | ASH | 2459463680] C:\pagefile.sys

[21/01/2008 - 03:33:10 | D ] C:\PerfLogs

[02/02/2011 - 15:53:22 | D ] C:\Program Files

[02/02/2011 - 17:04:08 | HD ] C:\ProgramData

[11/08/2008 - 23:30:03 | RSHD ] C:\RRbackups

[11/08/2008 - 22:44:55 | N | 86] C:\setup.log

[12/08/2008 - 20:54:24 | N | 268] C:\sqmdata00.sqm

[12/08/2008 - 20:54:24 | N | 244] C:\sqmnoopt00.sqm

[12/08/2008 - 00:55:28 | D ] C:\SWSHARE

[12/08/2008 - 19:01:42 | D ] C:\SWTOOLS

[12/08/2008 - 08:10:34 | N | 57] C:\syslevel.lgl

[03/02/2011 - 11:22:53 | SHD ] C:\System Volume Information

[11/08/2008 - 23:28:32 | N | 1732] C:\tvtpktfilter.dat

[03/02/2011 - 11:34:05 | D ] C:\UsbFix

[03/02/2011 - 11:33:37 | A | 4312] C:\UsbFix.txt

[13/02/2009 - 14:05:33 | D ] C:\Users

[31/01/2011 - 10:16:09 | D ] C:\Windows

[03/02/2011 - 11:34:05 | SHD ] D:\$RECYCLE.BIN

[30/12/2010 - 18:24:10 | SH | 85] D:\desktop.ini

[02/02/2011 - 17:47:01 | D ] D:\Downloads

[28/01/2009 - 12:57:26 | RHD ] D:\MSOCache

[01/01/2011 - 11:02:29 | D ] D:\musique

[21/01/2008 - 02:46:30 | N | 671] D:\Sample Pictures.lnk

[09/08/2009 - 17:58:46 | SHD ] D:\System Volume Information

[02/02/2011 - 15:53:19 | D ] D:\_OTL

 

################## | Vaccin |

 

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-MANOUNA.zip

Upload TeamXscript

Merci de votre contribution.

 

################## | E.O.F |

Posted

OK, on my side everything looks fine :super:

if on your side it also works without problems.

Do this to remove the software that was used for this disinfection.

Download << DelFix >> by Xplode to remove the software that was used for this disinfection.

* Run it.

* At the prompt, [suppression] ()

* A report will open at the end; paste it into your reply

Then, to uninstall it, run it again and choose the [Désinstallation] (Uninstall) option

Then:

Right, now we are going to clean up System Restore.

To do this:

1- Press the Windows and Pause keys at the same time.

Then Protection du système (System Protection)

In this window, uncheck the box for the hard drive where your system is installed, normally C:

Confirm and accept the prompts that follow.

***For Windows 7** you have to click the Configurer (Configure) tab and then confirm that restore is disabled.

**Still in the same window: you now need to create a new restore point.

Check that same box again and confirm with the APPLIQUER (Apply) tab, then the « CREER » (Create) tab

Name this point PC- Clean: confirm.

You can now close all the windows.

And this to mark your thread as solved.

 

http://forum.zebulon.fr/comment-afficher-son-sujet-comme-resolu-t180253.html

:hello2:
