
W32:rootkit-gen • page 2


Re: W32:rootkit-gen

Posted on 06 Mar 2010 08:48

Hello,

Great, it boots


That's a good start, but we'll still take a look, and then we'll try something for the PC that no longer boots. :wink:

> download >> Malwarebytes <<
> Install it and update it before the scan
> choose "Perform quick scan" and, at the end of the scan, check all the items found and click Remove Selected.
> and then post the report for me, please.

See you,
"What you keep for yourself will go off to die... It's what you give that will stay with you" (JF Bernardini / I Muvrini)
.1948 | 2012
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 


Re: W32:rootkit-gen

Posted on 06 Mar 2010 14:02

Hello,

Here is the anti-malware log; everything seems OK, doesn't it?

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3828
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

06/03/2010 13:54:42
mbam-log-2010-03-06 (13-54-42).txt

Type de recherche: Examen rapide
Eléments examinés: 111063
Temps écoulé: 5 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

As for my other PC, the system has just restarted using a restore point. I ran AVAST, which removed a few files that were put in quarantine, then I ran OTL with the same settings you gave; I'm going to post the logs.
laurentmouhot
Confirmed Visitor
Posts: 22
Joined: 28 Feb 2010 21:20
 

Re: W32:rootkit-gen

Posted on 06 Mar 2010 14:03

OTL logfile created on: 05/03/2010 20:08:23 - Run 2
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\laurent\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 11,25 Gb Free Space | 9,66% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 14,38 Gb Free Space | 58,88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 690,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 51,91 Gb Total Space | 45,94 Gb Free Space | 88,51% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 282,51 Gb Free Space | 60,66% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 0,12 Gb Free Space | 3,25% Space Free | Partition Type: FAT32

Computer Name: PC-PORTABLE
Current User Name: laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\laurent\Desktop\OTL2.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\laurent\Desktop\OTL2.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (sentemul) -- C:\Windows\System32\drivers\SentEmul.sys ()
DRV - (Sentinel) -- C:\Windows\System32\drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000\S-1-5-21-3363642553-2674491189-1508214333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/09 22:49:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/05 13:26:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/05 13:26:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/21 06:47:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/03 20:13:32 | 000,000,000 | ---D | M]

[2010/01/18 22:10:46 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Mozilla\Extensions
[2010/03/04 22:05:17 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions
[2010/01/09 09:44:20 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/02 13:21:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/09 09:44:21 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/19 12:53:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/17 13:43:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/17 14:08:45 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/01/09 09:44:30 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/09/06 18:26:28 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\crossftp@gmail.com
[2009/08/06 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\extensions\fr@dictionaries.addons.mozilla.org
[2010/02/17 14:46:59 | 000,000,881 | ---- | M] () -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\searchplugins\conduit.xml
[2010/03/04 22:05:21 | 000,002,136 | ---- | M] () -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\searchplugins\flickr-tags.xml
[2008/06/14 14:35:25 | 000,001,961 | ---- | M] () -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\searchplugins\technorati-new.xml
[2010/03/04 22:05:23 | 000,002,099 | ---- | M] () -- C:\Users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\l8w9n0e5.default\searchplugins\youtube.xml
[2010/03/04 22:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/12 18:35:12 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/01/17 20:23:36 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/17 20:23:36 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/17 20:23:36 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/11/15 00:49:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/17 20:23:36 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/17 20:23:36 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-3363642553-2674491189-1508214333-1000..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\laurent\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\laurent\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 18:56:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/17 09:50:18 | 000,000,054 | R--- | M] () - F:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2003/02/23 04:23:19 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/05/01 21:35:55 | 000,000,967 | R--- | M] () - F:\autorun.pif -- [ CDFS ]
O32 - AutoRun File - [2010/01/25 20:09:23 | 000,000,062 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1bfeffd4-241f-11de-b832-001b381c9a21}\Shell\1\Command - "" = H:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{1bfeffd4-241f-11de-b832-001b381c9a21}\Shell\2\Command - "" = H:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{1e3ef8da-b1c4-11dd-964b-001b381c9a21}\Shell\1\Command - "" = I:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{1e3ef8da-b1c4-11dd-964b-001b381c9a21}\Shell\2\Command - "" = I:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{2d262329-8bec-11dc-a98e-001b381c9a21}\Shell\Auto\command - "" = G:\AdobeR.exe -- File not found
O33 - MountPoints2\{2d262333-8bec-11dc-a98e-001b381c9a21}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{5295b87a-8651-11dc-b50f-001b381c9a21}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{6926249b-ccd2-11dd-8180-001b381c9a21}\Shell\1\Command - "" = H:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{6926249b-ccd2-11dd-8180-001b381c9a21}\Shell\2\Command - "" = H:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{e98f612c-295a-11de-a7e8-001b381c9a21}\Shell\1\Command - "" = H:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{e98f612c-295a-11de-a7e8-001b381c9a21}\Shell\2\Command - "" = H:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/02/03 03:17:57 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 22:33:25 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\laurent\Desktop\Hiijackk.exe
[2010/03/04 22:31:42 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\laurent\Desktop\TFC.exe
[2010/03/04 22:30:42 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Users\laurent\Desktop\OTL2.exe
[2010/03/04 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/03/04 22:05:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/27 13:51:53 | 000,000,000 | ---D | C] -- C:\copy vista
[2010/02/21 16:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2010/02/21 16:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\A-FF Find and Mount
[2010/02/20 00:47:50 | 003,604,480 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/02/17 14:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/02/17 14:08:42 | 000,000,000 | ---D | C] -- C:\Users\laurent\Documents\DVDVideoSoft
[2010/02/17 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/02/17 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/02/17 13:44:18 | 000,000,000 | ---D | C] -- C:\Users\laurent\dwhelper
[2010/02/12 20:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\BinaryBiz
[2010/02/12 20:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2010/02/12 20:03:55 | 000,000,000 | ---D | C] -- C:\Users\laurent\AppData\Roaming\Babylon
[2010/02/10 02:31:46 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 02:31:46 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 02:31:37 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 02:31:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 02:31:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 02:31:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/08 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\laurent\AppData\Roaming\InterVideo
[2009/01/03 11:50:18 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2010/03/05 20:10:15 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{43920EE7-2376-424B-97FC-5B169F6CBB6E}.job
[2010/03/05 20:00:31 | 003,145,728 | -HS- | M] () -- C:\Users\laurent\ntuser.dat
[2010/03/05 18:19:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 18:19:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 08:26:07 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/05 08:26:07 | 000,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/05 08:26:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/05 08:26:07 | 000,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/05 08:26:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/05 08:19:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/05 08:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 08:19:00 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 08:14:47 | 000,524,288 | -HS- | M] () -- C:\Users\laurent\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/05 08:14:47 | 000,065,536 | -HS- | M] () -- C:\Users\laurent\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/05 08:14:44 | 002,386,716 | -H-- | M] () -- C:\Users\laurent\AppData\Local\IconCache.db
[2010/03/04 23:24:35 | 000,143,360 | ---- | M] () -- C:\Users\laurent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 22:33:28 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\laurent\Desktop\Hiijackk.exe
[2010/03/04 22:31:45 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\laurent\Desktop\TFC.exe
[2010/03/04 22:31:23 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\laurent\Desktop\OTL2.exe
[2010/03/04 22:08:08 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/03/04 22:07:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/03/04 21:50:13 | 000,292,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/21 16:16:54 | 000,151,552 | ---- | M] () -- C:\Users\laurent\Documents\LogBook.mdb
[2010/02/21 16:16:49 | 000,000,512 | ---- | M] () -- C:\Windows\MaxSea¨_PosreportFile
[2010/02/20 00:47:50 | 003,604,480 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/02/18 22:20:25 | 000,002,701 | ---- | M] () -- C:\Windows\Maxsea.ini
[2010/02/18 22:20:25 | 000,000,266 | ---- | M] () -- C:\Windows\Predictor.ini
[2010/02/18 22:20:25 | 000,000,033 | ---- | M] () -- C:\Windows\SeaDriver.ini
[2010/02/18 22:20:24 | 000,001,612 | ---- | M] () -- C:\Windows\SeaPref
[2010/02/18 22:20:22 | 000,029,600 | ---- | M] () -- C:\Windows\SeaConfig
[2010/02/18 22:20:22 | 000,004,236 | ---- | M] () -- C:\Windows\SeaConfig.rsr
[2010/02/18 22:20:22 | 000,001,120 | ---- | M] () -- C:\Windows\SeaSimul
[2010/02/18 22:20:22 | 000,000,052 | ---- | M] () -- C:\Windows\MaxSea¨ Param
[2010/02/17 17:36:33 | 000,024,876 | ---- | M] () -- C:\Users\laurent\Desktop\didactique oral.odt
[2010/02/17 15:03:24 | 000,018,369 | ---- | M] () -- C:\Users\laurent\Desktop\verser lait.jpg
[2010/02/17 15:00:27 | 000,401,896 | ---- | M] () -- C:\Users\laurent\Desktop\bouteille-huile-droits-achetes.JPG
[2010/02/17 14:59:57 | 000,126,367 | ---- | M] () -- C:\Users\laurent\Desktop\Beurre.JPG
[2010/02/17 14:59:04 | 000,042,471 | ---- | M] () -- C:\Users\laurent\Desktop\sucre.jpg
[2010/02/17 14:56:05 | 000,049,942 | ---- | M] () -- C:\Users\laurent\Desktop\chocolat.jpg
[2010/02/17 14:55:20 | 000,020,262 | ---- | M] () -- C:\Users\laurent\Desktop\sel.jpg
[2010/02/17 14:54:49 | 000,061,566 | ---- | M] () -- C:\Users\laurent\Desktop\farine.jpg
[2010/02/17 14:54:13 | 000,042,418 | ---- | M] () -- C:\Users\laurent\Desktop\oeufs.jpg
[2010/02/17 14:53:45 | 000,056,861 | ---- | M] () -- C:\Users\laurent\Desktop\Verrelait.gif
[2010/02/17 14:48:08 | 003,632,503 | ---- | M] () -- C:\Users\laurent\Desktop\Pate_a_crepe.flv
[2010/02/17 14:08:42 | 000,000,997 | ---- | M] () -- C:\Users\laurent\Desktop\DVDVideoSoft Free Studio.lnk
[2010/02/17 13:50:29 | 000,162,439 | ---- | M] () -- C:\Users\laurent\Desktop\Free-YouTube-to-MP3-Converter-3.2.7.123.exe
[2010/02/17 12:14:14 | 002,125,633 | ---- | M] () -- C:\Users\laurent\Desktop\convention stage signée et lettre.pdf
[2010/02/17 09:49:19 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/02/17 09:49:19 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/02/12 20:11:04 | 000,000,986 | ---- | M] () -- C:\Users\laurent\Desktop\Data Safety Deposit Box.lnk
[2010/02/12 20:11:04 | 000,000,973 | ---- | M] () -- C:\Users\laurent\Desktop\VirtualLab Client.lnk
[2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2010/03/04 22:08:08 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/03/04 21:49:55 | 2137,120,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/18 22:19:37 | 000,003,972 | ---- | C] () -- C:\Satel Cataratas del Iguazú 2554-III.map
[2010/02/17 15:03:24 | 000,018,369 | ---- | C] () -- C:\Users\laurent\Desktop\verser lait.jpg
[2010/02/17 15:00:26 | 000,401,896 | ---- | C] () -- C:\Users\laurent\Desktop\bouteille-huile-droits-achetes.JPG
[2010/02/17 14:59:56 | 000,126,367 | ---- | C] () -- C:\Users\laurent\Desktop\Beurre.JPG
[2010/02/17 14:59:04 | 000,042,471 | ---- | C] () -- C:\Users\laurent\Desktop\sucre.jpg
[2010/02/17 14:56:05 | 000,049,942 | ---- | C] () -- C:\Users\laurent\Desktop\chocolat.jpg
[2010/02/17 14:55:20 | 000,020,262 | ---- | C] () -- C:\Users\laurent\Desktop\sel.jpg
[2010/02/17 14:54:49 | 000,061,566 | ---- | C] () -- C:\Users\laurent\Desktop\farine.jpg
[2010/02/17 14:54:13 | 000,042,418 | ---- | C] () -- C:\Users\laurent\Desktop\oeufs.jpg
[2010/02/17 14:53:45 | 000,056,861 | ---- | C] () -- C:\Users\laurent\Desktop\Verrelait.gif
[2010/02/17 14:47:59 | 003,632,503 | ---- | C] () -- C:\Users\laurent\Desktop\Pate_a_crepe.flv
[2010/02/17 14:46:00 | 000,024,876 | ---- | C] () -- C:\Users\laurent\Desktop\didactique oral.odt
[2010/02/17 14:08:42 | 000,000,997 | ---- | C] () -- C:\Users\laurent\Desktop\DVDVideoSoft Free Studio.lnk
[2010/02/17 13:50:29 | 000,162,439 | ---- | C] () -- C:\Users\laurent\Desktop\Free-YouTube-to-MP3-Converter-3.2.7.123.exe
[2010/02/17 12:14:14 | 002,125,633 | ---- | C] () -- C:\Users\laurent\Desktop\convention stage signée et lettre.pdf
[2010/02/17 09:49:19 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010/02/17 09:49:19 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010/02/12 20:11:04 | 000,000,986 | ---- | C] () -- C:\Users\laurent\Desktop\Data Safety Deposit Box.lnk
[2010/02/12 20:11:04 | 000,000,973 | ---- | C] () -- C:\Users\laurent\Desktop\VirtualLab Client.lnk
[2010/02/02 22:09:32 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/02/02 22:09:32 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/02/02 22:09:32 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/01/18 21:49:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
[2009/12/28 23:04:23 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/17 07:13:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/23 12:14:13 | 000,000,009 | -H-- | C] () -- C:\Windows\System32\wxmmin.dll
[2009/07/14 19:05:33 | 000,000,017 | ---- | C] () -- C:\Windows\Missing.ini
[2009/07/14 19:05:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD-Start.INI
[2008/10/20 20:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\MapmediaConfig.INI
[2008/09/17 22:27:42 | 000,000,033 | ---- | C] () -- C:\Windows\SeaDriver.ini
[2008/09/16 22:43:50 | 000,000,266 | ---- | C] () -- C:\Windows\Predictor.ini
[2008/09/16 22:43:48 | 000,000,040 | ---- | C] () -- C:\Windows\CMapConfig.ini
[2008/09/16 22:33:54 | 000,002,487 | ---- | C] () -- C:\Windows\SeaDriver2000.ini
[2008/09/15 21:36:37 | 000,011,812 | ---- | C] () -- C:\Windows\System32\drivers\SentEmul.sys
[2008/09/15 21:30:54 | 000,002,701 | ---- | C] () -- C:\Windows\Maxsea.ini
[2008/09/15 21:30:11 | 000,000,044 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/09/15 21:30:03 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/09/15 21:30:03 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/09/07 20:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/08/27 20:37:29 | 000,016,896 | ---- | C] () -- C:\Windows\System32\SFW2KMON.DLL
[2008/08/27 20:37:29 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SFW2KUI.DLL
[2008/05/02 08:45:26 | 000,000,680 | ---- | C] () -- C:\Users\laurent\AppData\Local\d3d9caps.dat
[2008/03/26 21:50:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 13:07:26 | 000,000,099 | ---- | C] () -- C:\Users\laurent\AppData\Local\DownloadLog.txt
[2007/11/25 19:19:57 | 000,001,473 | ---- | C] () -- C:\Windows\tefview.ini
[2007/10/28 15:42:37 | 000,024,206 | ---- | C] () -- C:\Users\laurent\AppData\Roaming\UserTile.png
[2007/10/10 07:38:37 | 000,143,360 | ---- | C] () -- C:\Users\laurent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/07 18:32:50 | 000,000,025 | ---- | C] () -- C:\Windows\CDER200Euro.ini
[2007/03/08 11:33:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/08 11:33:03 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/08 11:33:03 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/08 11:33:03 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/08 11:33:03 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/08 11:33:03 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/03/08 11:21:31 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/03/08 11:00:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/03/08 11:00:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/03/08 11:00:56 | 000,010,162 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/03/08 11:00:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/08 10:58:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/08 10:46:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/01/07 18:34:36 | 000,142,336 | ---- | C] () -- C:\Windows\System32\ctdll32.dll
[2002/11/06 17:42:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SDL_gfx.dll
[2002/10/13 12:25:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MesaGlut.dll
[2002/10/13 12:23:36 | 000,363,008 | ---- | C] () -- C:\Windows\System32\MesaGLU.dll
[2002/10/13 12:21:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\osmesa.dll
[2002/10/13 12:21:44 | 001,417,216 | ---- | C] () -- C:\Windows\System32\MesaGL.dll
[2002/10/07 04:49:26 | 000,225,280 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2002/05/20 07:12:50 | 000,258,048 | ---- | C] () -- C:\Windows\System32\SDL_mixer.dll
[2002/04/13 12:01:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SDL_ttf.dll
[2002/04/13 12:01:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SDL_net.dll
[2002/04/13 12:00:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SDL_image.dll
[2002/03/17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL
[2002/02/07 12:43:38 | 000,319,488 | ---- | C] () -- C:\Windows\System32\sdl_sound.dll
[2001/12/03 20:59:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\in_flac.dll
[2001/08/13 01:00:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2001/08/13 01:00:36 | 000,094,208 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2001/08/13 00:59:58 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2001/04/05 14:24:14 | 000,169,443 | ---- | C] () -- C:\Windows\System32\jpeg.dll
[2001/04/05 14:24:14 | 000,094,720 | ---- | C] () -- C:\Windows\System32\libpng1.dll
[2001/04/05 14:24:14 | 000,053,760 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001/04/04 20:33:50 | 000,209,920 | ---- | C] () -- C:\Windows\System32\smpeg.dll

========== LOP Check ==========

[2007/11/05 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\ACD Systems
[2010/02/12 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Babylon
[2009/04/07 20:34:06 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\DesktopSMS
[2008/04/04 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\eMule
[2007/10/21 20:49:24 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\FreeCommander
[2010/02/08 10:24:01 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\InterVideo
[2010/01/25 19:56:39 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Leadertech
[2008/05/14 22:09:59 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\myphotobook
[2009/05/25 09:20:31 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\OpenOffice.org
[2007/10/23 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\The Dialog Corporation
[2007/10/07 13:43:16 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Thunderbird
[2009/06/29 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Toshiba
[2009/08/26 21:11:27 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Ulead Systems
[2010/01/18 21:44:50 | 000,000,000 | ---D | M] -- C:\Users\laurent\AppData\Roaming\Zylom
[2010/03/05 08:14:49 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/05 20:10:15 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43920EE7-2376-424B-97FC-5B169F6CBB6E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\WINDOWS\Prefetch\*.exe >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:29C604BAF24F09B1
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:556BBACC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


and the Extras log

OTL Extras logfile created on: 04/03/2010 23:49:26 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\laurent\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 12,70 Gb Free Space | 10,91% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 13,81 Gb Free Space | 56,58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 690,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 51,91 Gb Total Space | 45,94 Gb Free Space | 88,51% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 282,04 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 0,12 Gb Free Space | 3,25% Space Free | Partition Type: FAT32

Computer Name: PC-PORTABLE
Current User Name: laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3363642553-2674491189-1508214333-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D2C8E9-0F4C-479F-B384-13BB5294547B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03F07578-675A-4879-9334-5B588B0AAAD1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1588D9E3-9881-4EFA-9E27-6D9BFFF4229D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2284C208-32B4-4718-8E4C-2DFABCDD9BA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACD3101-3BF5-41FA-A179-5D515C723767}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41CFACCC-6BBF-4559-8FE7-93180963BCE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75E7086E-BF32-4D0B-8D85-C2B7C1E352D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E9D2F5FC-46B3-49FD-A355-C1459A6D340A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F541C6A8-7FCB-4727-8169-D303EA7ECF5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{138B96CD-5F8D-4E4C-A4F1-261EE2676FF2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C4313FB-1F78-4470-8325-9360486DBD14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39E933B7-13B5-4F50-9BA5-9E3F93F81750}" = protocol=17 | dir=in | app=c:\users\laurent\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{4C70C96C-C8CD-4891-A14B-8C84FE349777}" = protocol=6 | dir=in | app=c:\users\laurent\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4F3FA3C8-47E0-474B-B27E-1FEB874150BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{575FEB18-12FF-4369-940A-58674E73D93B}" = protocol=6 | dir=in | app=c:\users\laurent\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{58E91FC2-54B1-4990-A7CF-996A622D21B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D268F96-F942-431A-B37B-BAF5C3267F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73B48EA5-56ED-4BE2-A1AD-982753AD01D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6B8F8A7-8E59-4475-98B1-D11E6028E567}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0F9819F-24C5-4465-B33F-9F2B4BAF4111}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4D4C8ED-945F-44B6-98DE-CF14037FDF83}" = protocol=17 | dir=in | app=c:\users\laurent\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DBCD87F8-C0FE-4191-97FB-DDE9D94C2D02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6FF608A-B7C4-4DBC-BE84-A80B57897698}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F237375D-503C-4367-9E93-8BB06F6E6B2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF547977-EB0C-41F6-8DD9-91C3F025627E}" = protocol=6 | dir=out | app=system |
"TCP Query User{4647F65F-2462-4FE9-AB6E-55A674E01202}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{59589EDF-FD66-40BB-B179-83E123C10534}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{6F1C0400-179A-430B-872B-13C6E7A6A9A4}C:\program files\i&m\maxsea\maxsea.exe" = protocol=6 | dir=in | app=c:\program files\i&m\maxsea\maxsea.exe |
"TCP Query User{752E8EF3-043C-4E26-A169-CB8FB836B183}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{788E1301-937C-41D8-961F-AF56654B1DD3}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{1820D8BE-E98D-4315-83C3-7F9ACAC07F88}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{3110CE38-E2C8-44F7-9998-B12295E9A12F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{85F123EE-71A5-475C-9046-6FD2F3ECD20D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E3E6EE22-0821-4486-9782-287E8424F456}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F7B33AEE-9518-4D1B-BA7A-473F8B00BAEC}C:\program files\i&m\maxsea\maxsea.exe" = protocol=17 | dir=in | app=c:\program files\i&m\maxsea\maxsea.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{4C91729F-1C79-43CD-8614-170E1ECBA5A5}" = MaxSea v10.1.3.2
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{98C61F22-8B4F-416E-A4BF-54FCC10509E0}" = C-Map PCMCIA and USB drivers
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{AC76BA86-7AD7-1036-7B44-A70900000002}" = Adobe Reader 7.0.9 - Français
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E02D468B-0E88-40B7-AB21-5FBE1CD345FF}" = HAZOPtimizer 5.0
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Driver Files-w82560fr" = Remove ATI Driver Files-w82560fr
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CloneCD" = CloneCD
"DIALOG OnDisc Books" = DIALOG OnDisc Books
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"ESPR200 Guide de référence" = ESPR200 Guide de référence
"ESPR200 Guide des logiciels" = ESPR200 Guide des logiciels
"File Scavenger 2.1v" = File Scavenger 2.1v
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreeCommander_is1" = FreeCommander 2007.05a
"Frozen-Bubble_is1" = Frozen-Bubble 1.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{4C91729F-1C79-43CD-8614-170E1ECBA5A5}" = MaxSea v10.1.3.2
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{98C61F22-8B4F-416E-A4BF-54FCC10509E0}" = C-Map PCMCIA and USB drivers
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6 TBYB
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"myphotobook" = myphotobook 3.2
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Power Data Recovery_is1" = Power Data Recovery 4.6.5
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SKYFILE" = SkyFile Mail
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TEFView_is1" = TEFView 2.65
"TerraExplorer" = TerraExplorer
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Ugrib_is1" = Ugrib RC1
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualLab 5 Client_is1" = VirtualLab Client 5.5.17
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WinRAR archiver" = Compresor WinRAR
"WinUndelete" = WinUndelete

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3363642553-2674491189-1508214333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CrossFTP" = CrossFTP
"Mysteries of Horus Deluxe" = Mysteries of Horus Deluxe
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
laurentmouhot

Re: W32:rootkit-gen

Posted 06 Mar 2010 17:08

hello,

there are traces of infection via removable media, please do this...

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "minimal Output" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom scan/fixes"

:OTL
@Alternate Data Stream - 24 bytes -> C:\Windows:29C604BAF24F09B1
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:556BBACC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2




* Click the "Run Fix" button (top left).
* Let the scan run to completion without using the PC
* At the end of the scan one or two reports will open, "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case


then...

You have an infection that spreads via removable media (external hard drive, USB stick, photo card, MP3 player, in short anything that plugs into your PC and can store files). If we disinfect your PC without disinfecting these devices, your PC will be reinfected the next time you use them :oops:

So plug in all the devices of this kind that you own (switching them on if necessary).

then...

>> Download USBFix to your desktop and install it by double-clicking it... this will create a shortcut for launching the tool.

>> Restart in safe mode...

>> Once in safe mode, right-click the shortcut created by USBFix during installation and choose "Run as administrator" to launch it, then choose "f" for the language.

>> Select option No. 2 (Suppression, i.e. deletion); this will restart your PC. Let USBFix work and post the report that is generated at the end of the scan.

@++
jeanmimigab

Re: W32:rootkit-gen

Posted 06 Mar 2010 19:17

Good evening,
thanks again for your help ...

OTL has run, here is the log:

========== OTL ==========
ADS C:\Windows:29C604BAF24F09B1 deleted successfully.
ADS C:\ProgramData\TEMP:556BBACC deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

OTL by OldTimer - Version 3.1.33.0 log created on 03062010_172518

Then I ran USB FIX as requested, with the full set of USB sticks / external drives

Here is the log


############################## | UsbFix V6.098 |

User : laurent (Administrateurs) # PC-PORTABLE
Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:42:45 | 06/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Genuine Intel(R) CPU T2080 @ 1.73GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1296 [VPS 090202-0] 4.8.1296 [ Enabled | Updated ]

C:\ -> Disque fixe local # 116,44 Go (10,64 Go free) [Vista] # NTFS
D:\ -> Disque fixe local # 24,41 Go (14,38 Go free) # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 51,91 Go (45,33 Go free) # NTFS
H:\ -> Disque amovible # 7,46 Go (4,12 Go free) [KINGSTON] # FAT32
I:\ -> Disque fixe local # 465,76 Go (278,78 Go free) [FreeAgent Drive] # NTFS
J:\ -> Disque amovible # 3,73 Go (124,03 Mo free) [UDISK] # FAT32

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! C:\$Recycle.Bin\S-1-5-20
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2152478756-3922319563-605102323-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2695987108-4230741789-2032654938-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3363642553-2674491189-1508214333-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-935334336-1314022380-1131289247-500
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3363642553-2674491189-1508214333-1000
Supprimé ! D:\Recycler\S-1-5-21-73586283-1708537768-1813003251-1003
Supprimé ! G:\$Recycle.Bin\S-1-5-21-3363642553-2674491189-1508214333-1000
Supprimé ! H:\.\RECYCLER\RECYCLER\autorun.exe
Supprimé ! H:\.\RECYCLER\RECYCLER
Supprimé ! I:\autorun.inf
Supprimé ! I:\$Recycle.Bin\S-1-5-21-3363642553-2674491189-1508214333-1000

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{1bfeffd4-241f-11de-b832-001b381c9a21}\Shell\1\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{1e3ef8da-b1c4-11dd-964b-001b381c9a21}\Shell\1\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2d262329-8bec-11dc-a98e-001b381c9a21}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2d262333-8bec-11dc-a98e-001b381c9a21}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{5295b87a-8651-11dc-b50f-001b381c9a21}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6926249b-ccd2-11dd-8180-001b381c9a21}\Shell\1\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{e98f612c-295a-11de-a7e8-001b381c9a21}\Shell\1\Command

################## | Listing des fichiers présent |

[06/03/2010 17:26|--a------|530] C:\03062010_172518.log
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[08/03/2007 10:13|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[23/10/2007 21:35|-rahs----|0] C:\IO.SYS
[23/10/2007 21:35|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[28/03/2001 14:51|--a------|3972] C:\Satel Cataratas del Iguaz£ 2554-III.map
[16/03/2007 12:18|--ah-----|282] C:\SWSTAMP.TXT
[06/03/2010 17:50|--a------|3207] C:\UsbFix.txt
[14/03/2007 15:45|--a----t-|23872] C:\_wdsuef.dmp
[23/10/2007 18:56|--a------|0] D:\AUTOEXEC.BAT
[15/01/2010 20:39|--a------|275] D:\bm_rescue.exe
[28/10/2007 11:34|-rahs----|212] D:\boot.ini
[28/08/2001 13:00|-rahs----|4952] D:\Bootfont.bin
[23/10/2007 18:56|--a------|0] D:\CONFIG.SYS
[14/06/2004 15:30|--a------|5] D:\DISK1.ID
[25/01/2010 22:02|--a------|726420] D:\frozen-bubble_frozen_bubble_v0.94_240x320_anglais_247618.sisx
[25/01/2010 22:03|--a------|10338008] D:\frozen_bubble_frozen_bubble_1.0.0_windows_francais_12257.exe
[24/01/2010 17:29|--a------|1029782] D:\grescue_0.1.2~welemski1_i386.deb
[05/05/2008 23:19|--ahs----|402116608] D:\hiberfil.sys
[23/10/2007 18:56|-rahs----|0] D:\IO.SYS
[24/01/2010 13:31|--a------|89965] D:\magicrescue-1.1.4.tar.gz
[23/10/2007 18:56|-rahs----|0] D:\MSDOS.SYS
[28/10/2007 11:28|-rahs----|47564] D:\NTDETECT.COM
[24/01/2010 23:11|--a------|830398] D:\ntdriverecovery.exe
[19/01/2010 13:09|--a------|1569051] D:\ntfs-data-recovery-demo.exe
[28/10/2007 11:28|-rahs----|251712] D:\ntldr
[24/01/2010 23:10|--a------|1608716] D:\NT_Drive_Recovery_v2.x_by_LTTeam.zip
[15/01/2010 21:07|--a------|4523320] D:\psbp2_3.exe
[18/01/2010 22:45|--a------|3762464] D:\rcsetup134.exe
[23/03/1999 10:12|--a------|45312] D:\SETUP.EXE
[14/06/2004 15:30|--a------|41] D:\SETUP.INI
[08/04/1999 12:26|--a------|81342] D:\SETUP.INS
[14/06/2004 15:30|--a------|182] D:\SETUP.PKG
[25/01/2010 21:54|--a------|385459736] D:\SPU_Installer0907b.exe
[24/01/2010 22:42|--a------|15531601] D:\untitled.st4
[26/01/2010 21:27|--a------|303417568] D:\video_easy_289mb_us_uk.exe
[09/10/2008 15:41|--a------|834560] D:\WB075b5.exe
[18/01/2010 23:02|--a------|477] D:\WB075b5.ini
[23/03/1999 10:12|--a------|294079] D:\_INST32I.EX_
[23/03/1999 10:12|--a------|8192] D:\_ISDEL.EXE
[14/06/2004 15:30|--a------|1581497] D:\_SETUP.1
[23/03/1999 10:12|--a------|6128] D:\_SETUP.DLL
[14/06/2004 15:30|--a------|206880] D:\_SETUP.LIB
[06/03/2010 16:28|---------|115683328] G:\ttl-431.sfs
[06/03/2010 16:27|---------|536870912] G:\ttlsave-laurent.2fs
[23/12/2009 17:46|--a------|3964928] H:\DSC00255.JPG
[23/12/2009 17:47|--a------|3211264] H:\DSC00256.JPG
[23/12/2009 17:47|--a------|5505024] H:\DSC00257.JPG
[21/02/2010 11:17|--a------|30208] H:\comparaison entre declic et belleville 2.doc
[12/02/2010 08:36|--a------|12288] H:\structure manuel Belleville.doc
[23/12/2009 17:45|--a------|4161536] H:\DSC00254.JPG
[04/02/2010 21:49|--a------|1566] I:\cfspart.impots.gouv.fr.crt
[16/04/2009 17:13|--a------|38622] I:\FreeAgentGoNext.ico
[16/01/2009 09:14|--a------|156312] I:\Setup.exe
[11/08/2009 14:49|--a------|8872754] J:\1B30_02.pdf
[29/12/2009 16:03|--a------|379] J:\CopyIniFiles.bat
[10/08/2009 14:30|--a------|123910470] J:\mariage Patricia et Laurent_0001.wmv
[16/01/2010 18:07|--a------|75798489] J:\pmagic-usb-4.8.zip

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# I:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# J:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-PORTABLE.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.098 ! |
laurentmouhot
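Added example (not part of the original thread and not UsbFix's own code): a Python triage of the UsbFix report posted above. It separates the removable-media indicators (a root autorun.inf, an executable inside a RECYCLER folder, cached MountPoints2 shell commands) from routine recycle-bin cleanup and checks that every affected drive was vaccinated. The report excerpt is copied from the post; the labels and the "low-signal" treatment of bare recycle-bin folders are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Excerpt copied from the UsbFix V6.098 report posted above (shortened).
REPORT = r"""
################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! H:\.\RECYCLER\RECYCLER\autorun.exe
Supprimé ! H:\.\RECYCLER\RECYCLER
Supprimé ! I:\autorun.inf
Supprimé ! I:\$Recycle.Bin\S-1-5-21-3363642553-2674491189-1508214333-1000

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{1bfeffd4-241f-11de-b832-001b381c9a21}\Shell\1\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2d262329-8bec-11dc-a98e-001b381c9a21}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{5295b87a-8651-11dc-b50f-001b381c9a21}\Shell\AutoRun\Command

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# I:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
"""

SECTION = re.compile(r"^#{6,} \| (.+?) \|\s*$")      # "##### | Name |" headers
REMOVED = re.compile(r"^Supprim\S* ! (.+)$")          # "Supprimé ! <path or key>"
# Explorer caches per-volume AutoRun shell commands under MountPoints2.
MOUNTPOINT = re.compile(
    r"MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\([^\\]+)\\Command$", re.I)
VACCINE = re.compile(r"^# ([A-Z]):\\autorun\.inf -> ")
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


def split_sections(report):
    """Group non-empty report lines under their lower-cased section name."""
    sections, current = defaultdict(list), None
    for line in report.splitlines():
        header = SECTION.match(line)
        if header:
            current = header.group(1).strip().lower()
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def classify_path(path):
    """Return (drive letter, label) for one removed file-system path."""
    p = path.lower().replace("\\.\\", "\\")   # UsbFix prints "H:\.\RECYCLER"
    drive = p[0].upper()
    if re.fullmatch(r"[a-z]:\\autorun\.inf", p):
        return drive, "autorun.inf"
    if "recycle" in p and p.endswith(EXEC_EXT):
        return drive, "executable-in-recycler"
    return drive, "low-signal"                # assumption: routine cleanup


def triage(report):
    sections = split_sections(report)
    findings = defaultdict(set)               # drive -> high-signal labels
    for line in sections.get("elements infectieux", []):
        m = REMOVED.match(line)
        if m:
            drive, label = classify_path(m.group(1))
            if label != "low-signal":
                findings[drive].add(label)
    cached = []                               # (volume GUID, shell verb)
    for line in sections.get("mountpoints2", []):
        m = REMOVED.match(line)
        hit = MOUNTPOINT.search(m.group(1)) if m else None
        if hit:
            cached.append((hit.group(1).lower(), hit.group(2)))
    vaccinated = set()
    for line in sections.get("vaccination", []):
        m = VACCINE.match(line)
        if m:
            vaccinated.add(m.group(1))
    return {
        "autorun_drives": {d: sorted(v) for d, v in sorted(findings.items())},
        "cached_autorun_commands": cached,
        "vaccinated": sorted(vaccinated),
        "unprotected": sorted(set(findings) - vaccinated),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, "=", value)
```

An empty `unprotected` list means every drive that carried an autorun artifact also received the protective autorun.inf folder listed in the Vaccination section.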
 

Re: W32:rootkit-gen

Posted 06 Mar 2010 19:39

good, that's OK :wink:

All that remains is to automatically uninstall all the tools used for the disinfection...

to do that...


download >>> ToolsCleaner <<< (by A.Rothstein & dj QUIOU)

double-click it to launch the program

Click Recherche (Search) and let the scan finish (it can take up to about ten minutes).

once the search has started, do not click in the window, as that would cause a minor bug in the program.

If the (Not Responding) label appears in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

Post me the report that appears

Wait for my go-ahead before clicking Suppression (Delete)

@++
jeanmimigab

Re: W32:rootkit-gen

Posted 06 Mar 2010 21:15

Good evening,

I did the procedure on both PCs:

On the first one the program found

But did not find OTL / TFC, see the log below

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !


On the second PC, here is the log
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\UsbFix.txt: trouvé !
C:\UsbFix: trouvé !
C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Recent\UsbFix.lnk: trouvé !
C:\Users\laurent\Desktop\hijackthis.log: trouvé !
C:\Users\laurent\Desktop\UsbFix.exe: trouvé !
laurentmouhot

Re: W32:rootkit-gen

Posted 07 Mar 2010 03:42

hello,

that's fine, you can click Suppression (Delete) :wink:

now let's move on to the second PC, tell me what exactly is blocking 8)
jeanmimigab

Re: W32:rootkit-gen

Posted 07 Mar 2010 10:33

Hello,

Thank you for helping me remove these f*** viruses,
In fact I think I caught them while trying to get my laptop working again.

I have a 250 MGo hard disk that is split into 2 NTFS partitions. I suddenly "lost" the second partition, which contains my personal files; the system (VISTA) is on partition 1.
After searching the net I found partition repair software. But I did not manage to recover the folder / file structure.
I tried lots of things but without success.
laurentmouhot

Re: W32:rootkit-gen

Posted 07 Mar 2010 18:48

hello,

at best you will be able to recover files by specifying the extensions you are looking for, but the folders or the directory tree, I would be surprised :-?
jeanmimigab

Re: W32:rootkit-gen

Posted 07 Mar 2010 21:18

Good evening,

Thanks again for your help
laurentmouhot