Plus d'Explorer.exe

arriabelle · le 6 décembre 2011

Bonjour à tous,

Je résumes un peu les symptômes de ce pc (il n'est pas à moi) qui est visiblement infecté par au moins 2 infections différentes. J'ai fait un scan avec Antivir qui m'as dis que le processus Winlogon.exe et Explorer.exe sont infectés par TROJ/Patched.gen. Il me dis aussi que Svchost est infecté par un adware suivi de tout plein de chiffres. J'ai aussi essayer Rescue me d'antivir qui lui me dis qu'il y a une infection adware/RegRevive.A dans une ligne contenant application data/opencandy/pleins de chiffres. Il m'as dis qu'il y avais un exploit java dans un fichier nommé apache/adidas.class. Il y avais aussi une autre infection dont je me rappelles pas, je n'ai pas été capable de terminer le scan avec Rescue me parce-qu'après un moment il me disait que je manquais de mémoire vive.

Les symptômes autres que le fait de ne plus avoir de processus Explorer.exe et de ne pas être capable de l'éxécuter comme nouvelle tâche, on entendais des publicités qui n'étaient pas visibles et le pc fermais de manière aléatoire.

Voici le rapport HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:03, on 2011-12-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\taskmgr.exe

F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll

O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFix\Combobatch.bat

O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFixCombobatch.bat

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1301171279171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301161140734

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--

End of file - 4473 bytes

et le rapport OTL:

OTL logfile created on: 2011-12-05 22:44:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = F:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

511,42 Mb Total Physical Memory | 288,23 Mb Available Physical Memory | 56,36% Memory free

1,22 Gb Paging File | 1,04 Gb Available in Paging File | 84,93% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 20,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS

Drive F: | 1,96 Gb Total Space | 1,63 Gb Free Space | 83,46% Space Free | Partition Type: FAT

Computer Name: CLOCLO-4D55E9C4 | User Name: claudine simard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-04 23:15:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011-07-21 12:20:29 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

PRC - [2011-04-21 07:55:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe

PRC - [2008-04-14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe

========== Modules (No Company Name) ==========

MOD - [2011-07-21 15:12:32 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe

========== Win32 Services (SafeList) ==========

SRV - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011-04-21 07:55:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010-03-04 21:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

========== Driver Services (SafeList) ==========

DRV - [2011-07-21 12:22:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011-07-21 12:22:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010-06-17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010-06-17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010-04-28 01:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2010-02-11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009-11-12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F8 F2 E8 F9 EB CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-13 00:28:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011-12-05 15:50:18 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)

O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1301171279171 (MUCatalogWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301161140734 (MUWebControl Class)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab (Reg Error: Key error.)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C8A5F89-4020-4D25-8874-62DDE846FA48}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011-03-22 23:19:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-05 15:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\RK_Quarantine

[2011-12-05 14:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011-12-05 14:09:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011-12-05 14:09:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011-12-05 14:09:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011-12-05 14:09:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011-12-05 14:08:25 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011-12-05 00:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011-12-05 00:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-12-05 00:07:23 | 000,000,000 | ---D | C] -- C:\WinFileReplace

[2011-12-04 21:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira

[2011-12-04 21:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Avira

[2011-12-04 21:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011-12-04 21:37:21 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011-12-04 21:37:21 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011-12-04 21:37:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2011-12-04 21:37:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

[2011-11-23 18:48:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe

[2011-11-21 17:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment

[2011-11-21 17:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\GameTop.com

[2011-11-21 17:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\GameTop.com

[2011-11-21 17:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3024

[2011-11-21 16:36:27 | 088,496,128 | ---- | C] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir

[2011-11-21 15:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\AdobeUM

[2011-11-17 13:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft

[2011-11-13 09:10:06 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Documents\kbd32.dll

[2011-11-13 09:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Mes documents\My eBooks

[2011-11-13 09:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe

[2011-11-11 17:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Nouveau dossier (2)

[2010-03-25 03:28:46 | 401,790,922 | ---- | C] (Games ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HauntedManorCE.exe

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-12-05 22:51:43 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011-12-05 22:40:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-12-05 22:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-12-05 15:59:33 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2011-12-05 15:50:18 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011-12-05 01:36:55 | 000,000,212 | -HS- | M] () -- C:\boot.ini

[2011-12-04 21:54:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011-12-04 21:54:07 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

[2011-12-04 21:37:41 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk

[2011-12-04 21:31:11 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

[2011-12-04 21:31:09 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011-12-04 21:31:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2011-11-23 18:45:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe

[2011-11-23 18:37:00 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe

[2011-11-23 11:42:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

[2011-11-21 17:48:37 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2011-11-21 16:41:46 | 088,496,128 | ---- | M] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir

[2011-11-19 17:57:04 | 016,636,444 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\06 SEROPOSITIF BOOGIE.mp3

[2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\RegRevive.job

[2011-11-10 12:27:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011-11-08 14:58:33 | 000,502,986 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2011-11-08 14:58:33 | 000,434,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011-11-08 14:58:33 | 000,082,360 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2011-11-08 14:58:33 | 000,068,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011-11-06 04:25:52 | 000,001,097 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-12-05 15:47:16 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2011-12-05 14:09:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011-12-05 14:09:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011-12-05 14:09:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011-12-05 14:09:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011-12-05 14:09:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011-12-04 21:37:41 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk

[2011-11-23 18:49:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe

[2011-11-20 19:40:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2011-11-20 19:40:49 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2011-11-06 04:25:52 | 000,001,097 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk

[2011-06-29 17:12:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011-05-16 05:11:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2011-05-06 01:14:23 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Options

[2011-04-14 18:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2011-03-29 00:48:28 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-03-27 08:08:27 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011-03-26 20:52:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011-03-26 13:30:48 | 000,502,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2011-03-26 13:30:48 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2011-03-26 13:30:48 | 000,082,360 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2011-03-26 13:30:48 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2011-03-26 13:30:12 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe

[2011-03-26 13:29:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2011-03-26 13:29:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\sdbinnst.exe

[2011-03-26 13:29:32 | 000,434,324 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2011-03-26 13:29:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2011-03-26 13:29:32 | 000,068,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2011-03-26 13:29:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2011-03-26 13:29:29 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2011-03-26 13:29:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2011-03-26 13:29:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2011-03-26 13:29:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2011-03-26 13:29:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2011-03-26 13:28:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lprheelp.dll

[2011-03-26 13:28:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2011-03-26 13:28:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2011-03-26 13:28:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\assr_pfu.exe

[2011-03-26 10:30:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2011-03-26 10:30:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011-03-26 09:51:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011-03-26 09:49:54 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-03-26 09:42:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011-03-26 09:34:14 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010-01-13 21:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll

[2010-01-13 21:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll

[2001-07-12 16:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe

[1998-10-10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2011-05-16 01:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software

[2011-04-13 00:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Fish Games

[2011-04-06 02:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY

[2011-06-29 17:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited

[2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Casual Arts

[2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DragonsEye Studios

[2011-04-26 16:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Dying for Daylight

[2011-08-22 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fenomen Games

[2011-05-17 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse

[2011-05-28 11:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii

[2011-04-06 02:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium

[2011-04-10 10:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear

[2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LittleGamesCompany

[2011-03-28 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com

[2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maximize Games

[2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Merscom

[2011-05-16 08:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo

[2011-05-04 00:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Namco

[2011-05-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Particles

[2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst

[2011-05-16 07:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayPond

[2011-04-08 04:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Registry Helper

[2011-03-28 05:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegRevive

[2011-05-10 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SOS

[2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Top Evidence

[2011-04-03 11:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip

[2011-03-26 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom

[2011-11-17 13:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft

[2011-05-02 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\A Gypsy's Tale - The Tower of Secrets

[2011-04-10 04:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Application Data

[2011-04-13 14:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artifex Mundi

[2011-05-11 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artogon

[2011-04-13 14:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Awem

[2011-03-28 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\BabylonToolbar

[2011-04-03 05:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Big Fish Games

[2011-08-23 06:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Blue Tea Games

[2011-06-29 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Canneverbe Limited

[2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Casual Arts

[2011-03-28 06:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Clickteam

[2011-04-03 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\CrazyLoader

[2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\DragonsEye Studios

[2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight

[2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight Shared

[2011-05-28 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enki Games

[2011-05-16 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enlightenus

[2011-06-01 19:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS G-Studio

[2011-09-15 07:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS Game Studios

[2011-06-17 00:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Frogwares

[2011-04-09 05:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\FrostWire

[2011-05-16 07:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Fugazo

[2011-04-10 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHouse

[2011-04-10 04:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHousev1002

[2011-05-16 05:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameMill Entertainment

[2011-05-16 05:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Ghost Ship Studios

[2011-03-27 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HdO Adventure

[2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\LittleGamesCompany

[2011-07-01 04:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA

[2011-08-17 05:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA2

[2011-04-26 15:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\margrave3_full

[2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Maximize Games

[2011-03-27 08:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Meridian93

[2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Merscom

[2011-09-14 07:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Monkey Barrel Games

[2011-04-09 00:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MSNInstaller

[2011-03-28 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\OpenCandy

[2011-07-08 12:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Orneon

[2011-07-07 23:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Phantasmat_bf_ce1

[2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayFirst

[2011-06-01 08:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayPond

[2011-11-21 17:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment

[2011-04-08 04:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\RegistryKeys

[2011-04-15 01:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\report

[2011-06-08 22:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SerpentOfIsis

[2011-03-27 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SpinTop

[2011-03-27 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\TikisLab

[2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Top Evidence

[2011-06-02 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Total Eclipse

[2011-04-04 01:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\UseNeXT

[2011-12-04 21:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\uTorrent

[2011-04-08 18:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vast Studios

[2011-05-06 01:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vogat Interactive

[2011-03-26 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Zylom

[2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\RegRevive.job

[2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

========== Purity Check ==========

< End of report >

Merci beaucoup de prendre le temps de lire mon message.

bernard53 · le 6 décembre 2011

Bonsoir

Je ne sais pas si la version de Combofix que tu as est récente ou pas donc si elle est récente ceci sinon nouveau téléchargement.

Télécharge ComboFix <ICI>>

Pour les Utilisateurs de VISTA et SEVEN: Clic-droit et choisis "Exécuter en tant qu'administrateur".

Pour VISTA et SEVEN: pas d'installation de la console de récupération.

>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.

Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.

Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.

>> Une fois sur ton bureau double clique dessus pour le lancer.

Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme

arriabelle · le 7 décembre 2011

Alors voici le log combofix, je tiens à préciser que malgré le fait que le PC était connecté à un modem internet fonctionnel (je pouvais surfer sur le web à partir de ce réseau sur mon iPod touch tout en étant assise devant le pc), Combofix me disait toujours que l'ordinateur n'était pas connecté au net, j'ai quand même fait le scan:

ComboFix 11-12-06.01 - claudine simard 2011-12-06 22:35:13.2.1 - x86
Lancé depuis: F:\ComboFix.exe

.

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

---- Exécution préalable -------

.

c:\documents and settings\All Users.WINDOWS\Application Data\amqnaaa.tmp

c:\documents and settings\All Users.WINDOWS\Application Data\eavnaaa.tmp

c:\documents and settings\All Users.WINDOWS\Application Data\kzrnaaa.tmp

c:\documents and settings\All Users.WINDOWS\Application Data\onwnaaa.tmp

c:\documents and settings\All Users.WINDOWS\Application Data\qyonaaa.tmp

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

c:\documents and settings\All Users.WINDOWS\Application Data\umtnaaa.tmp

c:\documents and settings\All Users.WINDOWS\Application Data\yaynaaa.tmp

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\1.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\a.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\b.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\c.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\d.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\e.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\f.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\g.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\h.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\i.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\J.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\k.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\l.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\m.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\n.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\o.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\p.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\q.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\r.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\s.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\t.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\u.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\v.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\w.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\x.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\y.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\z.xml

c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\WINDOWS

c:\documents and settings\oliv gab\WINDOWS

c:\program files\ScanQuery

c:\windows\expl.dat

c:\windows\system32\Cache

c:\windows\system32\config\systemprofile\Application Data\PriceGong

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1391.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2046.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2229.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2256.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4256.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4402.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\5597.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6590.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6783.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6927.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\7030.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9355.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9387.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9480.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9837.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\a.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\b.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\c.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\d.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\e.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\f.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\g.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\h.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\i.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\j.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\k.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\l.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\m.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\n.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\o.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\p.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\q.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\r.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\s.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\t.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\u.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\v.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\w.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\wlu.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\x.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\y.txt

c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\z.txt

c:\windows\system32\dllc.dat

c:\windows\system32\svch.dat

c:\windows\system32\winl.dat

.

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-11-07 au 2011-12-07 ))))))))))))))))))))))))))))))))))))

.

.

2011-12-06 21:31 . 2011-12-06 21:37 -------- d-----w- C:\ZHP

2011-12-06 21:25 . 2011-12-06 21:37 -------- d-----w- c:\program files\ZHPDiag

2011-12-05 20:47 . 2011-12-05 20:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-12-05 05:07 . 2011-12-06 22:56 -------- d-----w- C:\WinFileReplace

2011-12-05 02:45 . 2011-12-05 02:45 -------- d-----w- c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira

2011-12-05 02:37 . 2011-07-21 17:22 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-12-05 02:37 . 2011-07-21 17:22 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-05 02:37 . 2010-06-17 20:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-12-05 02:37 . 2010-06-17 20:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-12-05 02:37 . 2011-12-05 02:37 -------- d-----w- c:\program files\Avira

2011-11-13 14:09 . 2011-11-13 14:09 -------- d-----w- c:\program files\Fichiers communs\Adobe

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-30 19:21 . 2011-10-30 19:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:23 . 2011-03-26 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2011-03-26 18:28 606208 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2011-03-26 18:29 22528 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 15:41 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2011-03-26 18:29 220160 ----a-w- c:\windows\system32\oleacc.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

.

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

.

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

.

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

.

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

.

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

.

[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

.

[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

.

[-] 2008-04-14 12:00 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

[-] 2008-04-14 12:00 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll

.

[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

.

[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

.

[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

.

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

.

[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 548864 . . [------] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 548864 . . [------] . . c:\windows\system32\dllcache\winlogon.exe

.

[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2010-08-23 . AD6F8920E9BC4ADF4F2844E3ED0D47AF . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[-] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

.

[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

.

[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-14 12:00 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

.

[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

.

[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

.

[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

.

[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

.

[-] 2011-10-03 . 74BED1542D59A83B1B13BCCF73A45D30 . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\mshtml.dll

[-] 2011-10-03 . 74BED1542D59A83B1B13BCCF73A45D30 . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2011-10-03 . 04B3377227CD337F740A1BE05A33E6D7 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll

[-] 2011-02-22 . 87AD8BE7B6A2AA21BD05BAEEC42ADE1C . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll

[-] 2011-02-22 . 8B82D452F8BFCDC50D1C003957EB4C24 . 5962240 . . [8.00.6001.19046] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll

[-] 2010-12-20 . 57840C53F8FA1928AD7A02A61C990401 . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll

[-] 2010-12-20 . 57840C53F8FA1928AD7A02A61C990401 . 5961216 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3GDR\mshtml.dll

[-] 2010-12-20 . 6CEA3DF10D6B27C2A98EBDD4DDBE7646 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll

[-] 2010-12-20 . 6CEA3DF10D6B27C2A98EBDD4DDBE7646 . 5962240 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3QFE\mshtml.dll

[-] 2010-12-20 . 2F7D3FEEB64619984478CBB095461AA3 . 3099136 . . [6.00.2900.6058] . . c:\windows\ie8\mshtml.dll

[-] 2010-12-20 . E8B6DCBC1A066368C307FC19790349F2 . 3099136 . . [6.00.2900.6058] . . c:\windows\$hf_mig$\KB2482017\SP3QFE\mshtml.dll

[-] 2010-05-06 . 58AF16DE738F10213E86FEF10836D0E5 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll

.

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

.

[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

.

[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

.

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

.

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

.

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

.

[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 39424 . . [------] . . c:\windows\system32\dllcache\svchost.exe

.

[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

.

[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

.

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

.

[-] 2011-08-22 . 7DF35C3D173E799F97F208CC5F3B1C93 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\wininet.dll

[-] 2011-08-22 . 7DF35C3D173E799F97F208CC5F3B1C93 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\dllcache\wininet.dll

[-] 2011-08-22 . 96F7E8DFF026E48DD7655DBFC47E7944 . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll

[-] 2011-02-22 . 8B466303E57E69AC1F82849006BADAAD . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll

[-] 2011-02-22 . 77C66BD5CED4E555919A5FB713322CDD . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll

[-] 2010-12-20 . AF4EAA3B35A2D206E1902D7CA61B958A . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll

[-] 2010-12-20 . AF4EAA3B35A2D206E1902D7CA61B958A . 916480 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3GDR\wininet.dll

[-] 2010-12-20 . 2F0037D24E82840EF1D47B635B37301A . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll

[-] 2010-12-20 . 2F0037D24E82840EF1D47B635B37301A . 919552 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3QFE\wininet.dll

[-] 2010-12-20 . 7C135A11B4DA7C4F05EE8C75210B9A87 . 671232 . . [6.00.2900.6058] . . c:\windows\ie8\wininet.dll

[-] 2010-12-20 . 6D9C7A3F1C21F2B1F3332D151140C405 . 672768 . . [6.00.2900.6058] . . c:\windows\$hf_mig$\KB2482017\SP3QFE\wininet.dll

[-] 2010-05-06 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll

[-] 2010-05-06 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3GDR\wininet.dll

[-] 2010-05-06 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll

[-] 2010-05-06 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3QFE\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll

[-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB2482017$\wininet.dll

.

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

.

[-] 2008-04-14 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2008-04-14 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

.

[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 1062400 . . [------] . . c:\windows\system32\dllcache\explorer.exe

.

[-] 2008-04-14 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[-] 2008-04-14 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe

.

[-] 2010-07-16 . A867E538CFD78CB10B3EEF2495C10F00 . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll

[-] 2010-07-16 . A867E538CFD78CB10B3EEF2495C10F00 . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll

[-] 2010-07-16 . 210E7ADFEFA2879115612E5C02D410D6 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[-] 2008-04-14 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

.

[-] 2010-04-16 . E441C6889101BEEB1237855D0683C763 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . E441C6889101BEEB1237855D0683C763 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . A044F43EACDB453AE6DA308DE9BBD51E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[-] 2008-04-14 . 8B9167A0A9E18E22F31FB4EE2563019A . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

.

[-] 2008-04-13 . C8B7941F9824E9F4D3D7B9B9BAE14FEE . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

.

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

.

[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 988DD1BCDD050B56F28DFCD16BF26C1B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

.

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

.

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

.

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

.

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

.

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

.

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

.

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

.

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

.

[-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

[-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll

.

[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

.

[-] 2008-04-14 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-13 09:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

.

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS

.

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2010-09-18 07:18 . C27D0CD76C1982F36387F2E4F67E64A9 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 12:00 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

.

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

.

[-] 2009-01-31 00:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll

[-] 2009-01-31 00:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2008-04-14 12:00 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

.

[-] 2010-12-09 . D27A5053A37FB85E8525F998CDC4DE19 . 2071424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe

[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe

[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe

.

[-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

.

[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

.

[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

.

[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

.

[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

.

[-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

.

[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

.

[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll

.

[-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe

[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe

.

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll

.

[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll

.

[-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll

.

[-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll

.

c:\windows\System32\svchost.exe ... manque !!

c:\windows\explorer.exe ... manque !!

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\prxtbuTo2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-30 247968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2011-04-21 12:55 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-03-28 08:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-04-13 05:27 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-04-10 01:58 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"WmiApSrv"=3 (0x3)

"VSS"=3 (0x3)

"UPS"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"Spooler"=2 (0x2)

"SeaPort"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"PlugPlay"=2 (0x2)

"NtLmSsp"=3 (0x3)

"NMSAccess"=2 (0x2)

"Netlogon"=3 (0x3)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"fsssvc"=3 (0x3)

"FontCache3.0.0.0"=3 (0x3)

"Eventlog"=2 (0x2)

"dmadmin"=3 (0x3)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"CiSvc"=3 (0x3)

"Boonty Games"=3 (0x3)

"aspnet_state"=3 (0x3)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

"ALG"=3 (0x3)

.

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 135664]

.

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - HELPSVC

*NewlyCreated* - WUAUSERV

.

Contenu du dossier 'Tâches planifiées'

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]

.

2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Examen supplémentaire -------

.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHELINS SUPPRIMES - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-12-06 23:02

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\

.

Heure de fin: 2011-12-06 23:12:46

ComboFix-quarantined-files.txt 2011-12-07 04:12

.

Avant-CF: 21 825 302 528 octets libres

Après-CF: 21 809 262 592 octets libres

.

- - End Of File - - 3AD32AE230AF89D250C113AE77A0BD20

bernard53 · le 7 décembre 2011

ok ceci s.t.p

Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :

fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"=-

[-HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Mail Scanner"=-

"avast! Antivirus"=-

"avast! Web Scanner"=-

Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:

http://i75.servimg.com/u/f75/11/05/93/83/cf110.gif

Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Par contre lance bien ComboFix de C: et non de F:

ComboFix 11-12-06.01
Lancé depuis: F:\ComboFix.exe

Ensuite ceci:

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 /s

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s

%temp%\smtmp\1\*.* /s

%temp%\smtmp\2\*.* /s

%temp%\smtmp\4\*.* /s

nslookup Google /c

SAVEMBR:0

NetSvcs

%systemroot%\system32\drivers\*.sys /lockedfiles

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

netsvcs

/md5start

dwm.exe

taskhost.exe

taskeng.exe

wscntfy.exe

ctfmon.exe

rdpclip.exe

volsnap.sys

sptd.sys

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

tcpip.sys

Sfloppy.sys

Changer.sys

cdrom.sys

disk.sys

ndis.sys

usbscan.sys

usbprint.sys

tdtcp.sys

tdpipe.sys

swmidi.sys

splitter.sys

rdpwd.sys

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

RASACD.SYS

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cliquez ici.

ou la

Accueil de Cjoint.com

arriabelle · le 7 décembre 2011

Alors voici le rapport:

http://mydoc.tk/3/logOtl.txt

Comme il n'y a aucunes icones sur le bureau je dois passer par le gestionnaire de tâches pour ouvrir OTL qui se trouves sur une clef USB.

bernard53 · le 7 décembre 2011

Comme il n'y a aucunes icones sur le bureau je dois passer par le gestionnaire de tâches pour ouvrir OTL qui se trouves sur une clef USB.

* Télécharge sur le bureau RogueKiller (par tigzy)

* Lance le puis valide choix 2.

* Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse

Ensuite relance le mais cette fois choisi l'option 6

Puis:

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL

SRV - (helpsvc) -- File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

[2011-03-28 05:15:56 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\OpenCandy\OpenCandy_B01CFB8680DA415D9EC65ED9839C94C9\LatestDLMgr.exe

:Files

:Commands

[createrestorepoint]

[reboot]

* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.log"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cliquez ici.

ou la

Accueil de Cjoint.com

Ensuite:

Installe Malewarebytes' Antimalware,

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer

Prends bien la version FREE

*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.

Connexion

Pas encore inscrit ?

Plus d'Explorer.exe

Messages recommandés

arriabelle

Lien vers le commentaire

Partager sur d’autres sites

bernard53

Lien vers le commentaire

Partager sur d’autres sites

arriabelle

Lien vers le commentaire

Partager sur d’autres sites

bernard53

Lien vers le commentaire

Partager sur d’autres sites

arriabelle

Lien vers le commentaire

Partager sur d’autres sites

bernard53

Lien vers le commentaire

Partager sur d’autres sites

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer