Virus problem

Damss51 -
Lyonnais92 Posts 25708 Status Security contributor -
Hello,

Here is the HijackThis log. I managed to run a scan with Malwarebytes Anti-Malware and it finds infections every time, in particular in HKEY... files. Please tell me what steps to follow to disinfect my PC as well as possible.
Damien

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:06, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\gcnh.exe
C:\WINDOWS\TEMP\bqgymq.exe
C:\Documents and Settings\Damien\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A76C2CF6-CD68-41EB-9F27-15ADCA42FE99}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE4C5035-14F7-4955-8052-0783BCEDDB6E}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

End of file - 7998 bytes
30 replies

Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

The essential part seems done: the 2 processes have not come back.

======================

General clean-up:

Read carefully and carry out these steps in order.

#Download and install these programs (if you don't already have them); for the first 3,
update them as shown in the demos or tutorials.

Don't use them straight away.


Antispyware and others:

Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:

https://www.malwarebytes.com/

When the download is finished, close all windows and programs, including this one.

Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

During installation, follow the prompts (in particular the language choice and the permission to access the Internet). Make no changes to the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box.


Cleaners (of unneeded files) and others:

*CCleaner (free)
Download:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

During installation, [untick] the option that would install the Yahoo! toolbar.

========================================
->Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View

[Tick] "Show hidden files and folders"

[Untick] the box "Hide protected operating system files (Recommended)"

[Untick] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]
.

========================================
->Launch CCleaner.

Removing temporary files

Go to the "Options" section in the left-hand margin.
Untick "Advanced"
Then go back to the "Cleaner" section
Make sure you tick all these boxes in the left-hand margin (Internet Explorer/Windows Explorer/System)
• Click [Analyze]
• Wait for the scan, which may take a while if it's the first time.
• Once the scan is finished, click [Run Cleaner]



========================================
Launch Malwarebytes Anti-Malware

In the Scanner tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

MBAM scans your computer. The scan may take some time. Just check on its progress from time to time.

At the end of the scan, a message is displayed saying the scan is finished. Click OK to continue.

If malware has been detected, its list is displayed.
When you click Remove Selected (?), MBAM will delete the files and registry keys and put a copy in quarantine.

MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Logs tab)

Close MBAM by clicking Exit.

Post the report in your reply.
========================================

->Relaunch CCleaner.
Removing registry inconsistencies

• Click the [Registry] icon in the left-hand margin
• Then click [Scan for Issues]
• Wait while CCleaner scans your registry.
• Once the scan is finished, tick all the entries it has found.
• You can then click [Fix selected issues].

When the tool asks, choose to back up the ticked entries so you can restore them later.
========================================
->Empty your Recycle Bin.
========================================



- > Open this link to scan your PC with the BitDefender online scanner (Internet Explorer only):

http://www.bitdefender.fr/scan_fr/scan8/ie.html

How to use it:
Click "I agree", then also accept the ActiveX blocked by the SP2 pop-up blocker bar that will flash at the top, and install it.

When the "Scanner Options" page opens, click [click here] in "To change this and other settings, click here", then click the + in front of "Second option", tick "Report only" and click [OK].


Then click "Click here to scan".
Wait until the end of the scan, which can take quite a long time...

Copy/paste the whole report on the forum.

Illustrated tutorial here: http://pageperso.aol.fr/rginformatique/mapage/defender.htm (thanks to Balltrap34 for making it)
[Re-tick] the box "Hide protected operating system files (Recommended)"
1
Damss51
 
Re,

Here are the various reports:

Bitdefender: http://www.cijoint.fr/cjlink.php?file=cj200906/cijydDzGz5.txt

MBAM: http://www.cijoint.fr/cjlink.php?file=cj200906/cijytzQE3S.txt

OTL: http://www.cijoint.fr/cjlink.php?file=cj200906/cijO1QVpiR.txt

Good evening
0
Damss51
 
Good evening,

here are the reports:

- bitdefender: http://www.cijoint.fr/cjlink.php?file=cj200906/cijgVLqfko.txt

- otl: http://www.cijoint.fr/cjlink.php?file=cj200906/cij91CO1E8.txt

- mbam: http://www.cijoint.fr/cjlink.php?file=cj200906/cijQNlPXPh.txt

See you
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

don't do that.

Your guarantee is being helped in public.

I'll tell you what to do while I analyse.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

Relaunch HijackThis.

Choose Open the misc tools section.

Choose Open Process manager.

Click C:\WINDOWS\TEMP\gcnh.exe
to highlight it.

Click Kill process.

Do the same with: C:\WINDOWS\TEMP\bqgymq.exe

Close HijackThis.

==========

Reboot the computer.

============

Download OTL by OldTimer here:

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

and save it to your desktop.

Double-click OTL.exe to launch it.

Tick the 2 boxes Lop and Purity

Tick the box in front of "scan all users"

Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your desktop (usually C:\Documents and settings\your_session_name\OTL.txt)


To send it to me, click this link:

http://www.cijoint.fr/

Click Browse and look for the file above.

Click Open.

Click "Cliquez ici pour déposer le fichier".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy that link into your reply.
0
Damss51
 
Re,

Here is the link: http://www.cijoint.fr/cjlink.php?file=cj200905/cijdgkIqcs.txt

However, regarding the first step in HijackThis, I couldn't do Kill process, it refused, so I ended the process with Task Manager for the two files you had pointed out to me.

Please tell me what comes next!

Damien
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

fairly infected.

Plug in the removable drive that goes in F:\ without opening it.

Double-click OTL.exe to launch it.


Copy the list shown in bold below,

and paste it into the box under Custom Scans/Fixes

:OTL
PRC - [2009/05/29 23:22:11 | 00,011,264 | ---- | M] () -- C:\WINDOWS\TEMP\wincflbf.exe
PRC - [2009/05/29 23:22:14 | 00,019,968 | ---- | M] () -- C:\WINDOWS\TEMP\winwptycr.exe

DRV - File not found -- -- (abp470n5 [On_Demand | Running])

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O33 - MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\Shell\AUtoplaY\command - "" = F:\adkt.pif -- File not found
O33 - MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\Shell\AutoRun\command - "" = F:\adkt.pif -- File not found
O33 - MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\Shell\explore\coMmaND - "" = F:\adkt.pif -- File not found
O33 - MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\Shell\open\comMAnd - "" = F:\adkt.pif -- File not found
O33 - MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\Shell\AUTOPlay\CoMMAnd - "" = F:\ynuvc.cmd -- File not found
O33 - MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\Shell\AutoRun\command - "" = F:\ynuvc.cmd -- File not found
O33 - MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\Shell\EXplore\commaNd - "" = F:\ynuvc.cmd -- File not found
O33 - MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\Shell\opEn\COMmaND - "" = F:\ynuvc.cmd -- File not found
O33 - MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\Shell\AUTOPlAy\coMmand - "" = F:\oeosg.pif -- File not found
O33 - MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\Shell\AutoRun\command - "" = F:\oeosg.pif -- File not found
O33 - MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\Shell\expLore\CoMMaNd - "" = F:\oeosg.pif -- File not found
O33 - MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\Shell\OpEn\commAnd - "" = F:\oeosg.pif -- File not found

[2009/05/26 19:17:56 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Damien\Bureau\task.exe.exe

[2009/05/22 11:36:40 | 00,307,200 | ---- | C] (Suzanna) -- C:\WINDOWS\System32\gekkqui.exe
[2009/05/22 11:36:40 | 00,002,950 | ---- | C] () -- C:\WINDOWS\System32\gekkqui.dat

[2009/05/26 19:23:02 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Damien\Bureau\task.exe.exe

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Damien\Bureau\task.exe.exe:SummaryInformation
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:files
F:\adkt.pif
F:\ynuvc.cmd
F:\oeosg.pif

:commands
[emptytemp]


Click RunFix to start the removal.


Post the report.

0
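The fix list above was built by hand from three kinds of indicator: processes running out of C:\WINDOWS\TEMP, O7 policy entries that disable Task Manager and the registry editor, and O33 MountPoints2 autorun commands pointing at files on a removable drive. The following script, an added example that is not code from the thread or from OTL/HijackThis, triages constructed sample lines modelled on the quoted output and derives the ':files' section of an OTL fix from the autorun targets; the "scrambled case" heuristic is an assumption based only on the spellings seen in this thread.

```python
"""Triage helper for the HijackThis/OTL lines quoted in this thread (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the HijackThis and OTL output quoted in the
# thread; it is not a real log file.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\gcnh.exe
PRC - [2009/05/29 23:22:11 | 00,011,264 | ---- | M] () -- C:\WINDOWS\TEMP\wincflbf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O33 - MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\Shell\AUtoplaY\command - "" = F:\adkt.pif -- File not found
O33 - MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\Shell\AutoRun\command - "" = F:\adkt.pif -- File not found
O33 - MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\Shell\opEn\COMmaND - "" = F:\ynuvc.cmd -- File not found
"""

# Executables living under a ...\TEMP\ directory; persistent processes there
# (gcnh.exe, bqgymq.exe in the thread) are what the helper killed first.
TEMP_EXEC_RE = re.compile(
    r"([A-Za-z]:\\(?:[^\\\s|]+\\)*temp\\[^\\\s|]+\.(?:exe|pif|cmd|bat|scr|com))",
    re.IGNORECASE,
)
# OTL "O7" lines: per-user policies that lock the user out of taskmgr/regedit.
POLICY_RE = re.compile(
    r"^O7 - (HKU\\[^\\]+)\\.*\\policies\\System: "
    r"(DisableTaskMgr|DisableRegistryTools) = 1\s*$"
)
# OTL "O33" lines: MountPoints2\{guid}\Shell\<verb>\<subkey> - "" = <target>
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell\\([^\\]+)\\(\S+) - "" = (\S+)'
)
# Usual spellings of the shell verbs; the entries in the thread use scrambled
# case (AUtoplaY, coMmaND), which is worth surfacing as a heuristic (assumption).
USUAL_VERB_SPELLING = {"AutoRun", "AutoPlay", "open", "explore", "Open", "Explore"}


def flag_temp_executables(lines: List[str]) -> List[str]:
    """Return the distinct executable paths found under a TEMP directory."""
    found = set()
    for line in lines:
        for match in TEMP_EXEC_RE.finditer(line):
            found.add(match.group(1))
    return sorted(found)


def flag_policy_locks(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (hive, policy) for every DisableTaskMgr/DisableRegistryTools = 1."""
    locks = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            locks.append((m.group(1), m.group(2)))
    return locks


def flag_mountpoint_autoruns(lines: List[str]) -> List[Dict[str, object]]:
    """Parse O33 MountPoints2 entries whose command points at a file."""
    entries = []
    for line in lines:
        m = MOUNTPOINT_RE.match(line.strip())
        if not m:
            continue
        guid, verb, subkey, target = m.groups()
        entries.append({
            "guid": guid,
            "verb": verb,
            "target": target,
            "drive": target[0].upper() if len(target) > 1 and target[1] == ":" else "",
            "case_scrambled": verb not in USUAL_VERB_SPELLING or subkey != "command",
        })
    return entries


def triage(text: str) -> Dict[str, object]:
    """Run the three checks over a log and summarise what needs acting on."""
    lines = text.splitlines()
    autoruns = flag_mountpoint_autoruns(lines)
    return {
        "temp_executables": flag_temp_executables(lines),
        "policy_locks": flag_policy_locks(lines),
        "mountpoint_autoruns": autoruns,
        # Drives the autorun commands point at: the removable media that has to
        # be plugged in (without opening it) when the fix runs, as in the thread.
        "removable_drives": sorted(
            {e["drive"] for e in autoruns if e["drive"] and e["drive"] != "C"}
        ),
    }


def otl_files_section(result: Dict[str, object]) -> str:
    """Build the ':files' block of an OTL fix from the autorun targets, deduplicated."""
    targets: List[str] = []
    for entry in result["mountpoint_autoruns"]:
        if entry["target"] not in targets:
            targets.append(entry["target"])
    return "\n".join([":files"] + targets)


if __name__ == "__main__":
    print(otl_files_section(triage(SAMPLE_LOG)))
```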
Damss51
 
Hello,

Here is the report after the procedure

========== OTL ==========
No active process named wincflbf.exe was found!
No active process named winwptycr.exe was found!

Service\Driver abp470n5 deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
File F:\adkt.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
File F:\adkt.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
File F:\adkt.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3148f314-414e-11de-80fe-000fb09bc945}\ not found.
File F:\adkt.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
File F:\ynuvc.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
File F:\ynuvc.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
File F:\ynuvc.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0556272-7c91-11da-9c26-0090d026ce3b}\ not found.
File F:\ynuvc.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
File F:\oeosg.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
File F:\oeosg.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
File F:\oeosg.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0949434-9fb0-11dd-8026-000fb09bc945}\ not found.
File F:\oeosg.pif not found.
C:\Documents and Settings\Damien\Bureau\task.exe.exe moved successfully.
C:\WINDOWS\System32\gekkqui.exe moved successfully.
C:\WINDOWS\System32\gekkqui.dat moved successfully.
File C:\Documents and Settings\Damien\Bureau\task.exe.exe not found.
Unable to delete ADS C:\Documents and Settings\Damien\Bureau\task.exe.exe:SummaryInformation .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
File\Folder F:\adkt.pif not found.
File\Folder F:\ynuvc.cmd not found.
File\Folder F:\oeosg.pif not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 05302009_105519

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat not found!

Registry entries deleted on Reboot...
0

Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

I don't like this report.

Run OTL again and post the new report (using the procedure I gave you).

Don't reboot the computer (so don't switch it off) until you have carried out my next instructions (this evening)
0
Damss51
 
Here is the link for the new report; I'm not switching off my PC while I wait for your next post, see you soon

http://www.cijoint.fr/cjlink.php?file=cj200905/cijj2dwcuW.txt
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

the infection is very unstable (in particular the 2 processes in the temporary directory).

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\TEMP\winnmkct.exe

Click Send File.

A report will build up line by line.

Wait for the end. It should include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the button Reanalyse file now

====
Do the same with:

C:\WINDOWS\TEMP\winsglfvq.exe

Still don't reboot.
0
Damss51
 
re,

I can't connect to the virustotal site.... Is there a plan B??

See you
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

plan B:

Go to the site https://virusscan.jotti.org/

• Click "Browse" at the top right, navigate through the folders and select this file: C:\WINDOWS\TEMP\winnmkct.exe

• Click submit, still at the top right
• The scan will start; it will take a short while
• At the end of the scan, a report will appear: copy/paste the complete scan result into a text file
• Post that file in your next reply


ATTENTION: make sure you take the scan result for your own file (the file name appears at the top) and not the scan done before yours!
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

Same with the other file.
0
Damss51
 
Re,

I'm gutted, it's the same as with the first site, it won't load... Do you have any other solutions??

See you
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

probably the infection blocking it.

Try here (it's not the same kind of site, but it gives the information I'm looking for):

https://www.broadcom.com/

If it keeps blocking, we'll go in blind.
0
Damss51
 
re,

Your last link works, I launched the scan and I should receive the scan analysis by email (it's been 5-10 minutes and I still haven't got it). I'm going to bed and tomorrow morning I'll post it... (and I'm not switching off my PC tonight, in case that messes everything up!)

Thanks again and see you tomorrow
0
Damss51
 
Hello,

Here are the links to the two reports:

https://www.symantec.com?md5=c24411d4e373e19404eb3154f3233ad0

https://www.symantec.com?md5=9717362718984a7e162f138ca5d1bb6f

See you
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

why don't you have an antivirus?

nor a firewall?

If you have read the ThreatExpert reports, you have read that your malware steals private information.

Be careful if you have banking information.

In any case, you will have to change all your passwords and secret questions at the end of the disinfection.

All the disinfection steps must also be done with the computer physically disconnected from the Internet.

===========================

We're going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Check that you have closed/disabled all antivirus, anti-malware and anti-spyware programs so that they don't interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.
0
Damss51
 
re, here is the combofix report; however, I had to reboot my PC afterwards because my desktop had disappeared...:

ComboFix 09-05-30.03 - Damien 31/05/2009 11:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.221 [GMT 2:00]
Lancé depuis: c:\documents and settings\Damien\Bureau\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pack.epk

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 ))))))))))))))))))))))))))))))))))))
.

2009-05-30 08:55 . 2009-05-30 08:55 -------- d-----w C:\_OTL
2009-05-27 14:59 . 2009-05-27 14:59 -------- d-----w c:\documents and settings\Damien\Application Data\Malwarebytes
2009-05-27 14:59 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 14:59 . 2009-05-27 14:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-27 14:59 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-27 14:59 . 2009-05-27 14:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 02:37 . 2005-09-23 05:29 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-26 18:51 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-26 18:51 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-26 18:51 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-26 18:51 . 2009-05-27 15:00 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-26 18:50 . 2009-05-26 18:55 -------- d-----w c:\program files\Fichiers communs\PC Tools
2009-05-26 18:50 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-26 18:50 . 2009-05-27 13:46 -------- d-----w c:\program files\Spyware Doctor
2009-05-26 18:50 . 2009-05-26 18:50 -------- d-----w c:\documents and settings\Damien\Application Data\PC Tools
2009-05-26 18:50 . 2009-05-26 18:50 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-26 16:54 . 2009-05-26 16:54 -------- d-----w c:\program files\CCleaner
2009-05-21 06:29 . 2009-05-27 14:54 -------- d-----w c:\program files\Navilog1
2009-05-20 10:44 . 2009-05-26 16:57 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 10:44 . 2009-05-20 10:45 -------- d-----w c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 14:03 . 2005-10-22 20:33 -------- d-----w c:\program files\InterActual
2009-05-27 13:48 . 2005-10-09 19:03 -------- d-----w c:\documents and settings\Damien\Application Data\Lavasoft
2009-05-13 22:55 . 2008-12-10 19:43 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-13 22:51 . 2005-12-12 10:31 -------- d-----w c:\program files\Google
2009-04-17 11:35 . 2005-03-17 07:07 64930 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 11:35 . 2005-03-17 07:07 448428 ----a-w c:\windows\system32\perfh00C.dat
2009-03-06 14:20 . 2005-03-17 07:07 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-04 15:57 . 2005-10-24 07:05 3012 ----a-w c:\documents and settings\Damien\Application Data\wklnhst.dat
2009-03-03 00:13 . 2005-03-17 07:07 826368 ----a-w c:\windows\system32\wininet.dll
2006-01-06 18:34 . 2006-01-06 18:27 360448 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 514984]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"=
"c:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"=
"c:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"=
"c:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"=
"c:\\Program Files\\TOSHIBA\\Commandes TOSHIBA\\TFncKy.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\msohtmed.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7DEBUG\\mdm.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/05/2009 20:51 130936]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\iirpol.sys --> c:\windows\system32\drivers\iirpol.sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11/05/2005 14:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11/05/2005 14:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11/05/2005 14:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11/05/2005 14:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11/05/2005 14:12 77072]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/05/2009 20:50 426576]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: secuser.com\www
Trusted Zone: virustotal.com\www
TCP: {A76C2CF6-CD68-41EB-9F27-15ADCA42FE99} = 212.27.40.240,212.27.40.241
TCP: {EE4C5035-14F7-4955-8052-0783BCEDDB6E} = 192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 11:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,6e,6e,1a,07,21,
7f,50,c4,c8,28,51,af,b0,29,a3,98,e4,82,71,e5,80,85,74,50,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,69,d3,09,a7,fb,
cb,76,fa,71,3b,04,66,8b,46,0d,96,7f,d5,41,f8,8b,d6,e9,cd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,4a,ee,e1,4e,86,
c7,c8,45,25,da,ec,7e,55,20,c9,26,c0,0d,f1,ef,20,6b,b7,c4,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,3a,a2,30,8e,cf,
54,be,21,3e,1e,9e,e0,57,5a,93,61,8a,18,15,99,6f,23,ee,11,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,93,0b,aa,69,19,
c7,64,7f,cd,44,cd,b9,a6,33,6c,cd,26,64,22,8e,b1,91,04,f2,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,c8,fa,d2,fd,35,
ba,ba,b6,b0,18,ed,a7,3f,8d,37,a4,80,07,e9,42,c4,2d,1c,46,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3d,70,40,5a,0a,
5c,18,2f,31,77,e1,ba,b1,f8,68,02,0c,a9,b2,94,5a,0a,1e,ce,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,18,4c,2b,dd,ff,
37,db,40,83,6c,56,8b,a0,85,96,ab,54,68,0e,67,6c,b1,2a,24,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,9a,0e,14,8c,a3,
05,ff,58,51,fa,6e,91,28,9e,14,cc,ec,26,c9,ef,f5,21,43,3c,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6b,7b,14,b6,2f,
2f,fa,11,b1,cd,45,5a,a8,c4,f8,b9,d9,1f,80,70,4b,71,87,44,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,54,04,76,e5,e4,
cf,04,ac,e3,0e,66,d5,eb,bc,2f,6b,cf,4f,47,94,d5,82,e5,2c,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,3d,8a,19,29,9a,
e3,dd,45,fa,ea,66,7f,d4,3b,6b,70,ab,34,d3,08,5e,e9,04,5e,6c,43,2d,1e,aa,22,\
.
Heure de fin: 2009-05-31 11:53
ComboFix-quarantined-files.txt 2009-05-31 09:53

Avant-CF: 27 209 285 632 octets libres
Après-CF: 27 383 148 544 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
224 --- E O F --- 2009-05-13 22:56
Lyonnais92 (25708 posts, Security contributor)
 
Hello,

Run OTL again and post the report.
Damss51
 
I can't manage to post the report to you, it bugs out every time.
Damss51
 
I'll send it to you in several pieces:

OTL logfile created on: 31/05/2009 12:53:12 - Run 3
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Damien\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

502,42 Mb Total Physical Memory | 167,16 Mb Available Physical Memory | 33,27% Memory free
1,20 Gb Paging File | 0,90 Gb Available in Paging File | 74,74% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 25,47 Gb Free Space | 34,17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0E28D1F289
Current User Name: Damien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/11/10 12:14:08 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/12/27 14:32:58 | 00,226,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/10/26 14:40:34 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2009/02/28 06:54:41 | 00,713,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/05/31 12:18:28 | 00,011,264 | ---- | M] () -- C:\WINDOWS\TEMP\winycah.exe
PRC - [2009/05/31 12:18:30 | 00,019,968 | ---- | M] () -- C:\WINDOWS\TEMP\posok.exe
PRC - [2009/05/29 23:22:52 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Damien\Bureau\OTL.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/01/07 19:32:38 | 00,146,432 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/11/10 12:14:08 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 04:33:27 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/12/27 14:32:58 | 00,226,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/26 14:40:34 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
SRV - [2007/08/24 07:59:20 | 00,150,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 04:19:12 | 00,521,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,223,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2004/08/10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,170,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - File not found -- -- (abp470n5 [On_Demand | Running])
DRV - [2004/10/28 15:37:50 | 01,270,572 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2006/11/06 17:01:50 | 04,024,832 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2004/12/22 17:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2004/08/17 04:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/12/23 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/04/13 03:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/13 03:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/04/13 03:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006/03/23 12:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/03/04 19:08:50 | 00,052,384 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600bus.sys -- (k600bus [On_Demand | Stopped])
DRV - [2005/03/04 19:11:20 | 00,006,096 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600mdfl.sys -- (k600mdfl [On_Demand | Stopped])
DRV - [2005/03/04 19:11:26 | 00,087,456 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600mdm.sys -- (k600mdm [On_Demand | Stopped])
DRV - [2005/03/04 19:13:46 | 00,079,248 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600mgmt.sys -- (k600mgmt [On_Demand | Stopped])
DRV - [2005/03/04 19:15:54 | 00,077,072 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600obex.sys -- (k600obex [On_Demand | Stopped])
DRV - [2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006/01/06 20:33:30 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/04/19 00:34:55 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/28 11:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/07/30 16:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr [System | Running])
DRV - [2005/08/10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/12/06 17:11:18 | 00,035,328 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03 [Boot | Running])
DRV - [2005/06/20 11:12:00 | 00,215,040 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\DRIVERS\sis163u.sys -- (SIS163u [On_Demand | Stopped])
DRV - [2004/06/16 12:19:58 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2007/11/04 23:47:15 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/07/30 00:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys -- (SrvcEKIOMngr [System | Running])
DRV - [2004/07/30 00:05:08 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys -- (SrvcSSIOMngr [System | Running])
DRV - [2004/12/02 12:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/12/02 12:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/01/14 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,002,271 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,087,706 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,099,098 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2005/11/30 10:12:36 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/02/25 20:08:26 | 00,008,704 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2006/11/22 00:18:40 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2005/01/08 01:11:42 | 00,029,184 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005/11/22 19:04:46 | 00,209,408 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emBDA.sys -- (USB28xxBGA [On_Demand | Stopped])
DRV - [2005/11/22 19:04:34 | 00,017,792 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emOEM.sys -- (USB28xxOEM [On_Demand | Stopped])
DRV - [2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/29 19:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2003/12/22 09:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\S-1-5-21-1461681625-618259322-1037030086-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Damss51
 
I saved everything in Word, and here is the link:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijHs5uUc2.docx
Damss51
 
OTL logfile created on: 31/05/2009 12:53:12 - Run 3
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Damien\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

502,42 Mb Total Physical Memory | 167,16 Mb Available Physical Memory | 33,27% Memory free
1,20 Gb Paging File | 0,90 Gb Available in Paging File | 74,74% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 25,47 Gb Free Space | 34,17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0E28D1F289
Current User Name: Damien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/11/10 12:14:08 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/12/27 14:32:58 | 00,226,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/10/26 14:40:34 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2009/02/28 06:54:41 | 00,713,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/05/31 12:18:28 | 00,011,264 | ---- | M] () -- C:\WINDOWS\TEMP\winycah.exe
PRC - [2009/05/31 12:18:30 | 00,019,968 | ---- | M] () -- C:\WINDOWS\TEMP\posok.exe
PRC - [2009/05/29 23:22:52 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Damien\Bureau\OTL.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/01/07 19:32:38 | 00,146,432 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/11/10 12:14:08 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 04:33:27 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/12/27 14:32:58 | 00,226,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/26 14:40:34 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
SRV - [2007/08/24 07:59:20 | 00,150,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 04:19:12 | 00,521,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,223,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2004/08/10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,170,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - File not found -- -- (abp470n5 [On_Demand | Running])
DRV - [2004/10/28 15:37:50 | 01,270,572 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2006/11/06 17:01:50 | 04,024,832 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2004/12/22 17:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2004/08/17 04:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/12/23 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/04/13 03:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/13 03:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/04/13 03:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006/03/23 12:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/03/04 19:08:50 | 00,052,384 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600bus.sys -- (k600bus [On_Demand | Stopped])
DRV - [2005/03/04 19:11:20 | 00,006,096 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600mdfl.sys -- (k600mdfl [On_Demand | Stopped])
DRV - [2005/03/04 19:11:26 | 00,087,456 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600mdm.sys -- (k600mdm [On_Demand | Stopped])
DRV - [2005/03/04 19:13:46 | 00,079,248 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600mgmt.sys -- (k600mgmt [On_Demand | Stopped])
DRV - [2005/03/04 19:15:54 | 00,077,072 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k600obex.sys -- (k600obex [On_Demand | Stopped])
DRV - [2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006/01/06 20:33:30 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/04/19 00:34:55 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/28 11:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/07/30 16:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr [System | Running])
DRV - [2005/08/10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/12/06 17:11:18 | 00,035,328 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03 [Boot | Running])
DRV - [2005/06/20 11:12:00 | 00,215,040 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\DRIVERS\sis163u.sys -- (SIS163u [On_Demand | Stopped])
DRV - [2004/06/16 12:19:58 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2007/11/04 23:47:15 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/07/30 00:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys -- (SrvcEKIOMngr [System | Running])
DRV - [2004/07/30 00:05:08 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys -- (SrvcSSIOMngr [System | Running])
DRV - [2004/12/02 12:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/12/02 12:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/01/14 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,002,271 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,087,706 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,099,098 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2005/11/30 10:12:36 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/02/25 20:08:26 | 00,008,704 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2006/11/22 00:18:40 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2005/01/08 01:11:42 | 00,029,184 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005/11/22 19:04:46 | 00,209,408 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emBDA.sys -- (USB28xxBGA [On_Demand | Stopped])
DRV - [2005/11/22 19:04:34 | 00,017,792 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emOEM.sys -- (USB28xxOEM [On_Demand | Stopped])
DRV - [2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/29 19:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2003/12/22 09:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\S-1-5-21-1461681625-618259322-1037030086-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/27 14:33:04 | 00,000,000 | ---D | M]


O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Damien\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Damien\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Damien\Menu Démarrer\Programmes\Démarrage\MSCREATE.DIR ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..Trusted Domains: secuser.com ([www] http in Sites de confiance)
O15 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..Trusted Domains: virustotal.com ([www] http in Sites de confiance)
O15 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} https://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{A76C2CF6-CD68-41EB-9F27-15ADCA42FE99}\\NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{EE4C5035-14F7-4955-8052-0783BCEDDB6E}\\NameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/17 09:21:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/31 12:13:59 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/05/31 12:09:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/31 11:53:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damien\Local Settings\temp
[2009/05/31 11:43:29 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/05/31 11:43:21 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/05/31 11:43:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/31 11:41:40 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/05/31 11:36:43 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/31 11:36:43 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/31 11:36:43 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/31 11:36:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/31 11:36:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/31 11:36:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/31 11:36:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/31 11:36:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/31 11:36:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/31 11:36:26 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/31 11:34:19 | 03,192,050 | R--- | C] () -- C:\Documents and Settings\Damien\Bureau\ComboFix.exe
[2009/05/31 09:26:38 | 00,015,929 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\report2.zip
[2009/05/31 09:26:25 | 00,019,139 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\report1.zip
[2009/05/30 10:55:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/05/29 23:22:45 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Damien\Bureau\OTL.exe
[2009/05/27 20:47:18 | 02,897,800 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\Dossier.docx
[2009/05/27 16:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damien\Application Data\Malwarebytes
[2009/05/27 16:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/27 16:58:54 | 03,445,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Damien\Bureau\mbam-setup.exe
[2009/05/27 04:37:23 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009/05/27 04:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damien\Bureau\Spyware.Doctor.KeyGen
[2009/05/26 21:14:52 | 14,946,680 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\Spyware.Doctor.KeyGen.rar
[2009/05/26 20:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/26 19:58:12 | 00,617,432 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\pllangs.exe
[2009/05/26 19:57:42 | 23,976,504 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Damien\Bureau\sdasetup.exe
[2009/05/26 19:46:49 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_194646.reg
[2009/05/26 19:35:23 | 00,004,097 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\VirusBdRRepair.vbs
[2009/05/26 19:04:28 | 57,695,967 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\avg_avwt_stf_g7_85_276a1438.exe
[2009/05/26 18:59:23 | 00,002,820 | ---- | C] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_185922.reg
[2009/05/26 18:59:07 | 00,046,048 | ---- | C] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_185906.reg
[2009/05/26 18:58:20 | 01,123,402 | ---- | C] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_185815.reg
[2009/05/26 18:53:49 | 01,059,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Damien\Bureau\ccsetup219_slim.exe
[2009/05/21 08:29:49 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/05/21 08:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/05/21 08:23:31 | 00,471,352 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Damien\Bureau\HiJackThis.exe
[2009/05/20 12:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/07 01:05:05 | 00,117,440 | ---- | C] () -- C:\Documents and Settings\Damien\Mes documents\wc.docx
[2009/05/02 13:11:02 | 00,010,617 | ---- | C] () -- C:\Documents and Settings\Damien\Bureau\programme semaine.docx
[2009/04/19 19:34:24 | 00,000,209 | ---- | C] () -- C:\WINDOWS\Pochcd.INI
[2009/01/14 19:00:29 | 00,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2009/01/14 19:00:29 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/01/08 21:14:54 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/07 10:24:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/11/18 13:22:41 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/11/18 13:17:39 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2007/11/18 13:17:39 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2006/12/10 13:56:55 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/13 20:41:56 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/16 20:33:35 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2006/06/15 09:16:48 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/05/03 20:10:35 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/22 02:38:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/13 12:19:21 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/13 12:16:34 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini
[2005/11/24 14:29:33 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3q.DLL
[2005/11/14 18:50:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/10/22 23:11:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/09 19:42:55 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/08/10 00:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 00:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/10 00:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/22 16:14:43 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/03/22 16:14:43 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/03/22 16:14:43 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/03/22 16:14:43 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/03/22 16:14:43 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/03/22 16:14:42 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/03/18 11:36:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/18 11:01:47 | 00,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2005/03/18 10:59:23 | 00,000,861 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/17 13:52:03 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/17 13:22:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/03/17 13:09:48 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/03/17 13:09:48 | 00,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/03/17 12:19:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.dll
[2005/03/17 11:56:44 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/03/17 11:56:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/03/17 11:56:44 | 00,010,179 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/03/17 11:56:44 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/03/17 09:25:07 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/17 09:07:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2005/03/17 09:07:33 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/17 09:07:13 | 00,000,672 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/03/17 09:07:07 | 00,000,316 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/03/02 22:02:32 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/03/01 16:36:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/02/17 16:51:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/02/16 15:37:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/16 15:36:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/12/07 18:40:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/07/07 04:00:00 | 00,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1998/09/14 21:43:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll
[1996/12/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/12/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/17 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/31 12:15:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/31 12:15:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/31 12:15:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Damien\Local Settings\desktop.ini
[2009/05/31 12:15:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/31 12:15:07 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/31 11:50:38 | 00,000,316 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/31 11:43:30 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/05/31 11:36:06 | 03,192,050 | R--- | M] () -- C:\Documents and Settings\Damien\Bureau\ComboFix.exe
[2009/05/31 09:26:39 | 00,015,929 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\report2.zip
[2009/05/31 09:26:25 | 00,019,139 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\report1.zip
[2009/05/29 23:22:52 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Damien\Bureau\OTL.exe
[2009/05/29 20:02:23 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\Damien\Mes documents\Mes dossiers de partage.lnk
[2009/05/27 20:46:02 | 02,897,800 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\Dossier.docx
[2009/05/27 16:59:07 | 03,445,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Damien\Bureau\mbam-setup.exe
[2009/05/27 16:08:55 | 00,000,672 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/27 04:36:12 | 00,003,563 | ---- | M] () -- C:\Documents and Settings\Damien\Application Data\QuickZip45.ini
[2009/05/26 21:14:53 | 14,946,680 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\Spyware.Doctor.KeyGen.rar
[2009/05/26 19:58:17 | 00,617,432 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\pllangs.exe
[2009/05/26 19:57:45 | 23,976,504 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Damien\Bureau\sdasetup.exe
[2009/05/26 19:46:51 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_194646.reg
[2009/05/26 19:35:27 | 00,004,097 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\VirusBdRRepair.vbs
[2009/05/26 19:05:07 | 57,695,967 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\avg_avwt_stf_g7_85_276a1438.exe
[2009/05/26 18:59:27 | 00,002,820 | ---- | M] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_185922.reg
[2009/05/26 18:59:11 | 00,046,048 | ---- | M] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_185906.reg
[2009/05/26 18:58:36 | 01,123,402 | ---- | M] () -- C:\Documents and Settings\Damien\Mes documents\cc_20090526_185815.reg
[2009/05/26 18:54:44 | 01,059,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Damien\Bureau\ccsetup219_slim.exe
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/22 11:46:53 | 00,000,216 | ---- | M] () -- C:\Boot.bak
[2009/05/21 08:29:49 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/05/21 08:23:34 | 00,471,352 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Damien\Bureau\HiJackThis.exe
[2009/05/07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/07 01:05:06 | 00,117,440 | ---- | M] () -- C:\Documents and Settings\Damien\Mes documents\wc.docx
[2009/05/04 23:35:44 | 00,010,617 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\programme semaine.docx

========== LOP Check ==========

[2009/05/31 12:09:05 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/07 19:30:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/01/07 19:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2008/12/27 14:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/12/21 19:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/11/13 20:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/05/27 16:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/27 15:48:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/14 00:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006/06/15 09:19:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2005/03/17 09:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/31 12:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2006/03/05 22:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/31 12:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/13 12:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2006/07/27 09:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/11/22 09:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/01/25 15:56:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wmp
[2009/05/31 12:09:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Damien\Application Data
[2009/02/17 14:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Adobe
[2008/05/16 09:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\AdobeUM
[2007/05/18 09:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Azureus
[2006/09/25 15:17:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\BitTorrent
[2006/05/28 00:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\EPSON
[2006/07/29 14:50:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Google
[2005/10/09 19:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Help
[2007/09/24 10:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\HP
[2005/03/17 10:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Identities
[2009/03/05 15:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Image Zone Express
[2007/11/05 00:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\ImgBurn
[2005/10/07 19:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\InterVideo
[2009/05/27 15:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Lavasoft
[2008/11/07 10:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Leadertech
[2007/12/18 00:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Macromedia
[2009/05/27 16:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Malwarebytes
[2009/02/18 12:32:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Damien\Application Data\Microsoft
[2009/01/07 19:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Opera
[2008/01/15 23:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Real
[2007/11/04 21:59:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Damien\Application Data\SecuROM
[2005/03/18 09:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Sonic
[2007/11/04 21:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Sports Interactive
[2006/11/30 21:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Sun
[2006/03/05 22:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Symantec
[2005/10/24 09:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\Template
[2005/03/17 13:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damien\Application Data\toshiba
[2005/03/30 10:03:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/03/18 09:11:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Adobe
[2005/03/18 09:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\AdobeUM
[2005/03/17 10:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2005/03/22 16:19:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2005/03/18 09:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sonic
[2005/03/18 10:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Symantec
[2005/03/17 13:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/03/05 23:49:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Invité\Application Data
[2005/03/18 09:11:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Adobe
[2005/03/18 09:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\AdobeUM
[2005/03/17 10:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Identities
[2008/12/27 14:31:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Invité\Application Data\Microsoft
[2005/03/18 09:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Sonic
[2005/03/18 10:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Symantec
[2005/03/17 13:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\toshiba
[2008/11/28 15:10:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/12/27 14:31:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/03/17 09:24:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/12/27 14:31:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/05 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/31 12:15:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
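The OTL file lists above are long, and the helper's next steps (asking about the antivirus, then submitting a system file to VirusTotal) are a manual triage of them. As an added example, not part of the thread or of OTL itself, here is a parser for OTL's `[timestamp | size | attrs | M/C] (publisher) -- path` lines together with a first-pass filter: executable file types touched recently, with no publisher string, in a directory a limited user can write to. The sample input is copied from the report above, the cut-off date and the "user-writable" path prefixes are assumptions for the example, and a hit is only a candidate for a hash lookup, never a verdict on its own.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file-list line, as in the report above:
# [2009/05/31 11:36:06 | 03,192,050 | R--- | M] () -- C:\...\ComboFix.exe
#  timestamp             size         attrs  M=modified / C=created, then (publisher) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# File types that run code when opened; kept explicit so the list is reviewable.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif",
                  ".vbs", ".js", ".bat", ".cmd"}

# Assumed set of locations a limited user, or malware running as that user, can write to.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\windows\\temp\\", "\\temp\\")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int        # bytes, commas stripped
    attrs: str       # R/H/S/D flags exactly as OTL prints them
    kind: str        # "M" = modified, "C" = created
    company: str     # publisher read from the version resource, "" if absent
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-list line; None for headers, blanks and the
    '[2 C:\\WINDOWS\\*.tmp files]' summary lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def parse_otl_report(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


def triage(entries: List[OtlEntry], since: datetime) -> List[OtlEntry]:
    """First-pass filter: executable file types touched since `since`, with no
    publisher string, in a user-writable location. A hit is a candidate for a
    hash lookup (as the helper does with VirusTotal further down), not a verdict:
    the publisher field comes from the file's own version resource, so malware
    can forge it and legitimate tools often simply leave it empty."""
    hits = []
    for e in entries:
        ext = ntpath.splitext(e.path)[1].lower()
        in_user_dir = any(p in e.path.lower() for p in USER_WRITABLE)
        if ext in EXECUTABLE_EXT and e.timestamp >= since and not e.company and in_user_dir:
            hits.append(e)
    return hits


# Lines copied from the report above, plus one OTL summary line to show it is skipped.
SAMPLE_REPORT = r"""
[2 C:\WINDOWS\*.tmp files]
[2009/05/31 11:36:06 | 03,192,050 | R--- | M] () -- C:\Documents and Settings\Damien\Bureau\ComboFix.exe
[2009/05/29 23:22:52 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Damien\Bureau\OTL.exe
[2009/05/27 16:59:07 | 03,445,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Damien\Bureau\mbam-setup.exe
[2009/05/26 19:58:17 | 00,617,432 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\pllangs.exe
[2009/05/26 19:35:27 | 00,004,097 | ---- | M] () -- C:\Documents and Settings\Damien\Bureau\VirusBdRRepair.vbs
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2005/08/10 00:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
"""


def sample_hits(since: datetime = datetime(2009, 5, 1)) -> List[str]:
    """Basenames flagged in SAMPLE_REPORT with the assumed cut-off date."""
    return [ntpath.basename(e.path) for e in triage(parse_otl_report(SAMPLE_REPORT), since)]


if __name__ == "__main__":
    for e in triage(parse_otl_report(SAMPLE_REPORT), datetime(2009, 5, 1)):
        print(f"{e.timestamp:%Y-%m-%d %H:%M}  {e.size:>10,d}  {e.path}")
```

On the sample the filter keeps ComboFix.exe, pllangs.exe and VirusBdRRepair.vbs and drops the files that carry a publisher, the old System32 DLL and PEV.exe in C:\WINDOWS; two of the three hits are well-known cleaning tools, which is exactly why the output is a to-check list for hashing and not a detection.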
Lyonnais92 (security contributor)
 
Re,

I asked you a question about your antivirus and your firewall and I haven't had an answer.
Damss51
 
Re, I don't have an antivirus: I had AVG, but for a while it stopped updating and I wasn't quick to reinstall one. I also had an anti-spyware and it was the same, its updates stopped working...
Do you think I'll have to format my PC, or is there a way you can get me out of this mess without formatting?
Lyonnais92 (security contributor)
 
Re,

try installing Antivir:

https://www.malekal.com/avira-free-security-antivirus-gratuit/

Then scan your computer.

Choose Interactive as the first action, Ignore as the second.

Put the files in quarantine.

Post the report.

Do not reboot. I don't know whether vital system files are infected, in which case the computer might not start again.

=========

I'm trying to avoid formatting.
Lyonnais92 (security contributor)
 
Re,

we're going to try to cut off communication with the malware servers.

You will systematically use the Windows on-screen keyboard:

Start, Run, type OSK and OK.

Open Notepad (Start, All Programs, Accessories)

File, Open.

Look for C:\Windows\System32\drivers\etc\Hosts

Add these lines at the end of the file


127.0.0.1 mailin-03.mx.aol.com
127.0.0.1 imx1.rambler.ru
127.0.0.1 d.mx.mail.yahoo.com
127.0.0.1 mailin-01.mx.aol.com
127.0.0.1 mxs.mail.ru
127.0.0.1 mx1.yandex.ru
127.0.0.1 mx2.yandex.ru
127.0.0.1 mailin-02.mx.aol.com
127.0.0.1 mailin-04.mx.aol.com
127.0.0.1 c.mx.mail.yahoo.com


File, Save.

Close Notepad.

To do Ctrl+C, press Ctrl on your keyboard and C on the virtual one (same for Ctrl+V).
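The lines the helper asks for point ten mail-exchanger names at 127.0.0.1, so anything on the machine that looks them up gets the loopback address instead. The edit is easy to get wrong by hand (duplicates, a name that is already mapped somewhere else, LF-only line endings), so here is an added example, not code from the thread, that does the same edit as a function over the file's text and also answers the question the helper asks later ("did you modify the hosts file?") by looking a name up the way the resolver does: comments stripped, names case-insensitive, first match wins. The sample file is constructed (a default XP hosts file plus one deliberately conflicting entry using the RFC 5737 documentation address 192.0.2.10), and `update_hosts_file` is the only part that touches the real path from the post. Two caveats the thread does not spell out: the file is only read by this host's resolver, so malware that carries its own DNS client or IP addresses is unaffected, and a hosts file that already redirects well-known names is itself a sign of tampering and worth reading before appending to it.

```python
from typing import Dict, List, Optional, Tuple

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"   # the file named in the post
SINKHOLE = "127.0.0.1"

# The ten names from the post above.
BLOCKED_HOSTS = [
    "mailin-03.mx.aol.com", "imx1.rambler.ru", "d.mx.mail.yahoo.com",
    "mailin-01.mx.aol.com", "mxs.mail.ru", "mx1.yandex.ru", "mx2.yandex.ru",
    "mailin-02.mx.aol.com", "mailin-04.mx.aol.com", "c.mx.mail.yahoo.com",
]


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """(address, [names]) per active line; blanks and '#' comments are
    ignored and names are lower-cased, as the resolver treats them."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        if names:
            entries.append((addr, [n.lower() for n in names]))
    return entries


def lookup(text: str, name: str) -> Optional[str]:
    """Address the hosts file gives for `name`; the first matching line wins."""
    name = name.lower()
    for addr, names in parse_hosts(text):
        if name in names:
            return addr
    return None


def add_sinkholes(text: str, names: List[str],
                  address: str = SINKHOLE) -> Tuple[str, Dict[str, str]]:
    """Append `address name` for every name not yet in the file.
    Names already mapped to a *different* address are left untouched and
    returned as conflicts so a human can look at them first.
    Running this twice adds nothing the second time."""
    conflicts: Dict[str, str] = {}
    to_add = []
    for n in names:
        current = lookup(text, n)
        if current is None:
            to_add.append(n)
        elif current != address:
            conflicts[n] = current
    if not to_add:
        return text, conflicts
    body = text if (not text or text.endswith("\n")) else text + "\n"
    body += "".join(f"{address} {n}\n" for n in to_add)
    return body, conflicts


def update_hosts_file(path: str = HOSTS_PATH,
                      names: List[str] = BLOCKED_HOSTS) -> Dict[str, str]:
    """Rewrite the real file in place (needs an administrator account).
    Read with universal newlines, write back CRLF as Windows expects."""
    with open(path, "r", encoding="latin-1") as f:
        text = f.read()
    new_text, conflicts = add_sinkholes(text, names)
    if new_text != text:
        with open(path, "w", encoding="latin-1", newline="\r\n") as f:
            f.write(new_text)
    return conflicts


# Constructed sample, not the user's file: a default XP hosts file plus one
# entry that already points a blocked name elsewhere.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "192.0.2.10 mx1.yandex.ru   # constructed conflicting entry\r\n"
)

if __name__ == "__main__":
    new_text, conflicts = add_sinkholes(SAMPLE_HOSTS, BLOCKED_HOSTS)
    print(new_text)
    for name, addr in conflicts.items():
        print(f"NOT changed: {name} already resolves to {addr}")
```

On the constructed sample nine names are appended, `mx1.yandex.ru` is reported as already pointing at 192.0.2.10 rather than silently overwritten, and a second run returns the text unchanged.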
Lyonnais92 (security contributor)
 
Re,

can you say precisely when your troubles started?
Damss51
 
Re,

since it takes a long time to display my report, here it is as a link:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijhKmskNJ.docx
Lyonnais92 (security contributor)
 
Re,

sorry, I can't read the .docx.

Save it as .txt. Thanks.
Damss51
 
Hello,

Here is the report saved as .txt:

http://www.cijoint.fr/cjlink.php?file=cj200906/cijhHnp9yG.txt

I started having problems about a month ago, with error messages when I started and shut down Windows, and for the last two weeks it got worse and worse: my internet connection was slowing down more and more.
Now I have the impression it's already better, and I can reach the links you posted, which were inaccessible before!
Keep me posted on the procedure to follow. Have a good day, see you later.
Lyonnais92 (security contributor)
 
Hello,

empty Antivir's quarantine.

We're going to purge System Restore:

Open this link:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

first, follow it to disable System Restore.

Close the window.

Then follow it again to re-enable System Restore.

This automatically recreates a restore point dated at the time of re-enabling.


Empty the Recycle Bin.

Did you modify the Hosts file as requested?

Run another scan with Antivir (update the virus definitions first) and post the report.

Run OTL again and give me the report (as a cijoint link if possible).
Damss51
 
Yes, I did what you asked for the hosts file.

Here is the OTL report: http://www.cijoint.fr/cjlink.php?file=cj200906/cij5D6CQsd.txt

and the Avira report: http://www.cijoint.fr/cjlink.php?file=cj200906/cij5issmqq.txt

See you later
Lyonnais92 (security contributor)
 
Re,

a check:

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\System32\dllcache\msinfo32.exe

Click Send File.

A report will be built line by line.

Wait until the end. It should include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the "Reanalyse the file now" button.
Damss51
 
Here is the VirusTotal report:

http://www.cijoint.fr/cjlink.php?file=cj200906/cijAeuReWt.txt
Lyonnais92 (security contributor)
 
Re,

Double-click OTL.exe to launch it.


Copy the list in bold below,

and paste it into the box under Custom Scans/Fixes



:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - Reg Error: Key error. File not found
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1461681625-618259322-1037030086-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present


:reg
[-HKEY_CLASSES_ROOT\clsid\{8d4d2f69-df30-4471-988c-cc58545e86c8}]
[-HKEY_CLASSES_ROOT\interface\{47addc5f-ea71-4766-9994-155ce2095a2e}]
[-HKEY_CLASSES_ROOT\mshelp.msuser]
[-HKEY_CLASSES_ROOT\typelib\{c33a35f6-cbb2-4ff5-b029-27e495c5516a}]


:commands
[emptytemp]


Click RunFix to start the removal.


Post the report.

==========
Run OTL again and post a new report.
Damss51
 
I tried pasting what you wrote into OTL, but apparently it makes it crash on the line:
[-HKEY_ROOT\typelib\{c33a35f6-cbb2-4ff5-b029-27e495c-5516a}]

After that it stops responding... I tried several times and it's the same every time.
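The line quoted in the last reply differs from the one in the helper's script in two places: the hive is `HKEY_ROOT` instead of `HKEY_CLASSES_ROOT`, and the last group of the GUID contains an extra hyphen (`27e495c-5516a` instead of `27e495c5516a`). Whatever OTL actually did with it, a fix script that deletes registry keys deserves a syntax check before it is run, since a retyped or garbled line is at best a no-op and at worst deletes the wrong thing. The following is an added example, not part of the thread and not OTL's own code, that validates the `[-KEY]` lines of a `:reg` section: the root key must be one of the five real hives and every `{...}` component must be a well-formed 8-4-4-4-12 GUID. The script text is the `:reg` and `:commands` sections from the helper's post; the `[KEY]` creates / `[-KEY]` deletes reading of the syntax is taken from that script and is the only assumption about OTL made here.

```python
import re
from typing import List, Tuple

# The real root keys; anything else is a typo.
HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# Registry GUID: {8-4-4-4-12 hex digits}
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
# [KEY] creates, [-KEY] deletes (the form used in the script above)
KEY_LINE_RE = re.compile(r"^\[(?P<op>-?)(?P<key>[^\]]+)\]$")


def check_reg_key_line(line: str) -> List[str]:
    """Problems found in one [KEY] / [-KEY] line; an empty list means well formed."""
    m = KEY_LINE_RE.match(line.strip())
    if not m:
        return ["not a [KEY] or [-KEY] line"]
    parts = m["key"].split("\\")
    problems = []
    if parts[0].upper() not in HIVES:
        problems.append(f"unknown hive '{parts[0]}'")
    if len(parts) < 2:
        problems.append("bare hive with no subkey")
    for comp in parts[1:]:
        if not comp:
            problems.append("empty path component (doubled backslash)")
        elif comp.startswith("{") and not GUID_RE.match(comp):
            problems.append(f"malformed GUID '{comp}'")
    return problems


def check_reg_section(script: str) -> List[Tuple[int, str, str]]:
    """Check every key line between ':reg' and the next ':section' header.
    Returns (line number, line, problem) triples; empty means nothing to report."""
    findings = []
    in_reg = False
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.startswith(":"):            # :OTL, :reg, :commands, ...
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg or not line:
            continue
        if line.startswith("["):
            for p in check_reg_key_line(line):
                findings.append((no, line, p))
        # "name"=value lines under a key are not validated here
    return findings


# The :reg and :commands sections exactly as given in the helper's script.
SCRIPT_FROM_POST = r"""
:reg
[-HKEY_CLASSES_ROOT\clsid\{8d4d2f69-df30-4471-988c-cc58545e86c8}]
[-HKEY_CLASSES_ROOT\interface\{47addc5f-ea71-4766-9994-155ce2095a2e}]
[-HKEY_CLASSES_ROOT\mshelp.msuser]
[-HKEY_CLASSES_ROOT\typelib\{c33a35f6-cbb2-4ff5-b029-27e495c5516a}]

:commands
[emptytemp]
"""

# The line as quoted in the last reply.
LINE_AS_RETYPED = r"[-HKEY_ROOT\typelib\{c33a35f6-cbb2-4ff5-b029-27e495c-5516a}]"

if __name__ == "__main__":
    print("script from post:", check_reg_section(SCRIPT_FROM_POST) or "no problems")
    for p in check_reg_key_line(LINE_AS_RETYPED):
        print("retyped line:", p)
```

The helper's four `:reg` lines pass; the retyped line is reported twice, once for the hive and once for the GUID. The practical rule this encodes is the one the thread illustrates: paste fix scripts, never retype them, and check the pasted text against the original before clicking RunFix.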