Problem with the Win32 Agent PP rootkit

Mat1981 -
Anonymous user -
Hello,
since yesterday I have been infected by this rootkit. My antivirus seems to have been uninstalled... In its place, a malware program installs itself... A blue screen appears from time to time... Can you help me please?

23 replies

Anonymous user

Hi, your Windows is not up to date:

Download OTL by OldTimer

save it to your Desktop.

▶ Double-click (for Vista => right-click "Run as administrator") on OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ set it to "60 Days"

▶ in the left column, set everything to all

do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy that link into your reply.

▶▶ Do the same with "Extra.txt".
Mat1981

here is the link to the OTL file http://www.cijoint.fr/cjlink.php?file=cj200912/cijYyJ6GVI.txt
here is the link to the Extra file http://www.cijoint.fr/cjlink.php?file=cj200912/cijAWlWPQL.txt
What should I do next?
Anonymous user

Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop

double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to launch the installation

tick the box "create a desktop icon"

once finished, click "Finish" and the program will launch on its own

choose the language, then choose option 1 = Search Mode

▶ let the tool work

when the white window appears it takes a while; that is normal, the program is not stuck.

a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it yet, the scan is not finished.

▶ Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.

Mat1981

so here is the report
List'em by g3n-h@ckm@n 1.1.6.1

Thx to Chiquitine29.....& CCM team

User : emma & mat (Administrateurs) # MITCH
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 12:01:17 | 27/12/2009
Contact : g3n-h@ckm@n sur CCM

Mobile AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local | 9,77 Go (510,79 Mo free) | NTFS
D:\ -> Disque fixe local | 46,12 Go (4,2 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 648
C:\WINDOWS\system32\csrss.exe 712
C:\WINDOWS\system32\winlogon.exe 740
C:\WINDOWS\system32\services.exe 788
C:\WINDOWS\system32\lsass.exe 800
C:\WINDOWS\system32\Ati2evxx.exe 944
C:\WINDOWS\system32\svchost.exe 956
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1128
C:\WINDOWS\system32\svchost.exe 1168
C:\WINDOWS\system32\svchost.exe 1224
C:\WINDOWS\system32\Ati2evxx.exe 1428
C:\WINDOWS\Explorer.EXE 1516
C:\WINDOWS\system32\spoolsv.exe 1816
C:\WINDOWS\system32\svchost.exe 1912
C:\Program Files\Java\jre6\bin\jqs.exe 1972
C:\WINDOWS\system32\svchost.exe 168
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 1408
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe 1476
C:\Program Files\Java\jre6\bin\jusched.exe 1508
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe 1536
C:\Program Files\DAEMON Tools\daemon.exe 1544
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 1568
C:\WINDOWS\system32\ctfmon.exe 1576
C:\Program Files\SuperCopier2\SuperCopier2.exe 1584
D:\Logiciels\internet\utorrent.exe 1708
C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe 2008
C:\Program Files\Malware Defense\mdefense.exe 2052
C:\WINDOWS\System32\svchost.exe 2092
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe 2128
C:\Program Files\HPQ\shared\hpqwmi.exe 4048
C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe 3668
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 2080
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 1532
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 1268
C:\WINDOWS\System32\alg.exe 1832
C:\Program Files\Internet Explorer\Iexplore.exe 2852
C:\WINDOWS\system32\wbem\wmiprvse.exe 372
C:\Program Files\List_Kill'em\List_Kill'em.exe 1200
C:\WINDOWS\system32\cmd.exe 2704
C:\WINDOWS\system32\wbem\wmiprvse.exe 2860
C:\Documents and Settings\emma & mat\Local Settings\Temp\1E.tmp\pv.exe 3192

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe
uTorrent REG_SZ "D:\Logiciels\internet\utorrent.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
richtx64.exe REG_SZ C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe
Malware Defense REG_SZ "C:\Program Files\Malware Defense\mdefense.exe" -noscan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
VVSN REG_SZ C:\Program Files\VVSN\VVSN.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
D:\Jeux\Civilization4.exe REG_SZ D:\Jeux\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
G:\eSKernel.exe REG_SZ G:\eSKernel.exe:*:Enabled:Bbox assistant d'installation
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE REG_SZ C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE:*:Disabled:Internet Explorer
D:\Logiciels\internet\utorrent.exe REG_SZ D:\Logiciels\internet\utorrent.exe:*:Enabled:µTorrent
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Documents and Settings\emma & mat\Local Settings\Temporary Internet Files\Content.IE5\NPZN2GD4\viviplay[1].exe REG_SZ C:\Documents and Settings\emma & mat\Local Settings\Temporary Internet Files\Content.IE5\NPZN2GD4\viviplay[1].exe:*:Enabled:ViViMediaPlay
D:\Logiciels\internet\u96.exe REG_SZ D:\Logiciels\internet\u96.exe:*:Enabled:u96
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5c255c8a-e604-49b4-9d64-90988571cecb}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.espaceclient.bbox.bouyguestelecom.fr/compte/index.phtml

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and Settings\All Users\Application Data\sysReserve.ini
C:\Program Files\Malware Defense
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\krl32mainweq.dll
C:\WINDOWS\System32\MSINET.oca
C:\Documents and Settings\emma & mat\Application Data\wklnhst.dat
C:\Documents and Settings\emma & mat\Application Data\wiaserva.log
C:\Documents and Settings\emma & mat\LOCAL Settings\Temp\Installer.exe
C:\Documents and Settings\emma & mat\LOCAL Settings\Temp\richtx64.exe
C:\Documents and Settings\emma & mat\LOCAL Settings\Temp\wscsvc32.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Malware Defense"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "richtx64.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\SYSTEM\CurrentControlSet\Services\mchInjDrv

================
Other infections
================


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

==========
Programs
==========

7-Zip
Adobe
AMD
ArcSoft
ATI Technologies
Avira
AVS4YOU
Canon
CDBurnerXP Pro 3
CDex_150
Combined Community Codec Pack
ComPlus Applications
CONEXANT
DAEMON Tools
directx
DVD Shrink
Fichiers communs
GameSpy Arcade
Google
HPQ
InstallShield Installation Information
Internet Explorer
Java
Lavasoft
List_Kill'em
Malware Defense
Malwarebytes' Anti-Malware
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Visual Studio
Microsoft.NET
MIKSOFT
Movie Maker
MSBuild
MSECACHE
MSN Gaming Zone
MSXML 4.0
Navilog1
NetMeeting
Nikon
OpenOffice.org 2.0
Outlook Express
QuickTime
ScanSoft
Services en ligne
SuperCopier2
UBISOFT
Uninstall Information
uTorrent
VideoLAN
Winamp
Windows Installer Clean Up
Windows Live
Windows Live SkyDrive
Windows Media Player
Windows NT
WindowsUpdate
xerox
Xvid
ZHPDiag

============
Lecteur C:
============

AILog.txt
AUTOEXEC.BAT
boot.ini
Bootfont.bin
CanonMP
CONFIG.SYS
debugInstaller.txt
defult.log
DNSP1.LOG
Documents and Settings
esuxp.log
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
mscuxp.log
MSDOS.SYS
MSOCache
Network.log
NTDETECT.COM
ntldr
pagefile.sys
Program Files
qlb.log
RECYCLER
sedinst2.log
setup.log
sunjava.log
SWSetup
syntp.log
System Volume Information
SYSTEM.SAV
ticrdbus.log
WINDOWS
wireless.log

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
what should I do next?
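
Added example, not part of this thread and not code from the List&Kill'em tool: a short Python triage pass over the kind of List'em report posted above. It reads a constructed excerpt (lines taken from that report, trimmed to run offline) and applies rules of its own: a running process, Run entry or firewall exception whose executable sits in a user-writable temp or browser-cache location; a well-known Windows binary name found outside its usual directory (the IEXPLORE.EXE on the Desktop); a registered antivirus that reports itself disabled; and any Image File Execution Options key, which rogue security software sets on generic names such as Install.exe and Setup.exe so that removal tools never start. The temp-location list, the expected-directory table and the Finding record are assumptions made for the illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: lines copied from the List'em report above, trimmed so the
# example runs offline. A real report is several hundred lines long.
SAMPLE_REPORT = r"""
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
C:\WINDOWS\system32\svchost.exe 956
C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe 2008
C:\Program Files\Malware Defense\mdefense.exe 2052
C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe 3668
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 2080
C:\Program Files\Internet Explorer\Iexplore.exe 2852
richtx64.exe REG_SZ C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe
Malware Defense REG_SZ "C:\Program Files\Malware Defense\mdefense.exe" -noscan
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Documents and Settings\emma & mat\Local Settings\Temporary Internet Files\Content.IE5\NPZN2GD4\viviplay[1].exe REG_SZ C:\Documents and Settings\emma & mat\Local Settings\Temporary Internet Files\Content.IE5\NPZN2GD4\viviplay[1].exe:*:Enabled:ViViMediaPlay
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"""

# Rules are the example's own (assumed), not the tool's: scratch locations that no
# autorun should point into, and where a few well-known binaries are expected to live.
USER_TEMP_HINTS = ("\\locals~1\\temp\\", "\\local settings\\temp\\",
                   "\\temporary internet files\\", "\\appdata\\local\\temp\\")
EXPECTED_DIR = {
    "iexplore.exe": "c:\\program files\\internet explorer",
    "svchost.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}
AV_RE = re.compile(r"^AV : (.+?) \[ (.*?) \|")
PROC_RE = re.compile(r"^([A-Za-z]:\\.+\.exe)\s+(\d+)$", re.IGNORECASE)
REG_RE = re.compile(r"^(.+?)\s+REG_SZ\s+(.+)$")
IFEO_MARKER = "\\image file execution options\\"


@dataclass
class Finding:
    kind: str    # av | process | run_key | firewall | ifeo
    path: str
    reason: str


def exe_from_value(value: str) -> Optional[str]:
    """Executable path from a registry value: the quoted path, or text up to the first .exe."""
    quoted = re.match(r'"([^"]+)"', value)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"(.+?\.exe)", value, re.IGNORECASE)
    return bare.group(1) if bare else None


def suspicious_reason(path: str) -> Optional[str]:
    low = path.lower()
    if any(hint in low for hint in USER_TEMP_HINTS):
        return "runs from a user-writable temp location"
    expected = EXPECTED_DIR.get(ntpath.basename(low))
    if expected and ntpath.dirname(low) != expected:
        return f"well-known binary name outside its expected directory ({expected})"
    return None


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        av = AV_RE.match(line)
        if av:
            if "disabled" in av.group(2).lower():
                findings.append(Finding("av", av.group(1), "registered antivirus is disabled"))
            continue
        if IFEO_MARKER in line.lower():
            # A "Debugger" value under this key silently replaces the named program.
            target = line.rstrip('"').rsplit("\\", 1)[-1]
            findings.append(Finding("ifeo", target, "Image File Execution Options entry can redirect this program"))
            continue
        proc = PROC_RE.match(line)
        if proc:
            reason = suspicious_reason(proc.group(1))
            if reason:
                findings.append(Finding("process", proc.group(1), f"{reason} (pid {proc.group(2)})"))
            continue
        reg = REG_RE.match(line)
        if reg:
            path = exe_from_value(reg.group(2))
            if path is None:
                continue
            kind = "firewall" if ":*:" in reg.group(2) else "run_key"
            reason = suspicious_reason(path)
            if reason:
                findings.append(Finding(kind, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind:8}] {f.path}\n           {f.reason}")
```

Note what the rules do not catch: the rogue "Malware Defense" itself sits under Program Files with a normal-looking Run entry, so only its side effects surface (AntiVir disabled, the IFEO hijack of Install.exe and Setup.exe, the droppers in Temp and the firewall exception for a file in the browser cache). Treat each finding as a prompt for review rather than a verdict: cleanup tools legitimately run helpers from Temp too, as the pv.exe in the report above does.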
Anonymous user

▶ Relaunch List&Kill'em (right-click for Vista) with the shortcut on your desktop.
but this time:

▶ choose option 2 = Removal Mode

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply
Mat1981
 
Kill'em by g3n-h@ckm@n 1.1.6.1

User : emma & mat (Administrateurs) # MITCH
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 12:10:25 | 27/12/2009
Contact : g3n-h@ckm@n sur CCM

Mobile AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local | 9,77 Go (509,64 Mo free) | NTFS
D:\ -> Disque fixe local | 46,12 Go (4,2 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 648
C:\WINDOWS\system32\csrss.exe 712
C:\WINDOWS\system32\winlogon.exe 740
C:\WINDOWS\system32\services.exe 788
C:\WINDOWS\system32\lsass.exe 800
C:\WINDOWS\system32\Ati2evxx.exe 944
C:\WINDOWS\system32\svchost.exe 956
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1128
C:\WINDOWS\system32\svchost.exe 1168
C:\WINDOWS\system32\svchost.exe 1224
C:\WINDOWS\system32\Ati2evxx.exe 1428
C:\WINDOWS\Explorer.EXE 1516
C:\WINDOWS\system32\spoolsv.exe 1816
C:\WINDOWS\system32\svchost.exe 1912
C:\Program Files\Java\jre6\bin\jqs.exe 1972
C:\WINDOWS\system32\svchost.exe 168
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 1408
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe 1476
C:\Program Files\Java\jre6\bin\jusched.exe 1508
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe 1536
C:\Program Files\DAEMON Tools\daemon.exe 1544
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 1568
C:\WINDOWS\system32\ctfmon.exe 1576
C:\Program Files\SuperCopier2\SuperCopier2.exe 1584
D:\Logiciels\internet\utorrent.exe 1708
C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe 2008
C:\Program Files\Malware Defense\mdefense.exe 2052
C:\WINDOWS\System32\svchost.exe 2092
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe 2128
C:\Program Files\HPQ\shared\hpqwmi.exe 4048
C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe 3668
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 2080
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 1532
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE 1268
C:\WINDOWS\System32\alg.exe 1832
C:\Program Files\Internet Explorer\Iexplore.exe 1344
C:\Program Files\List_Kill'em\List_Kill'em.exe 3024
C:\WINDOWS\system32\cmd.exe 1296
C:\WINDOWS\system32\wbem\wmiprvse.exe 1860
C:\Documents and Settings\emma & mat\Local Settings\Temp\20.tmp\pv.exe 2768

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
"C:\Documents and Settings\All Users\Application Data\sysReserve.ini"
"C:\Program Files\Malware Defense"
C:\WINDOWS\System32\t.txt
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\krl32mainweq.dll"
"C:\WINDOWS\system32\MSINET.oca"
"C:\Documents and Settings\emma & mat\Application Data\wiaserva.log"
C:\Documents and Settings\emma & mat\LOCAL Settings\Temp\Installer.exe
C:\Documents and Settings\emma & mat\LOCAL Settings\Temp\richtx64.exe
C:\Documents and Settings\emma & mat\LOCAL Settings\Temp\wscsvc32.exe


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

hosts.msn.Kill'em
Installer.exe.Kill'em
krl32mainweq.dll.Kill'em
Malware Defense.Kill'em
MSINET.oca.Kill'em
QTSBandwidthCache.Kill'em
richtx64.exe.Kill'em
sysReserve.ini.Kill'em
t.txt.Kill'em
wiaserva.log.Kill'em
wscsvc32.exe.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\mchInjDrv

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

what should I do next?
Anonymous user

Download mbr.exe by Gmer here:
http://www2.gmer.net/mbr/mbr.exe
and save the file to the Desktop.


Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident programs)
Double-click mbr.exe
A report will be generated: mbr.log
If infected, this message "MBR rootkit code detected" will appear.

If that is the case, continue like this:

In the Start menu - Run, type: "%userprofile%\Bureau\mbr" -f
In mbr.log this line will appear: "original MBR restored successfully !"

Re-enable your protections
Post that report and then delete it.

To verify

Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident programs)
Relaunch mbr.exe

Re-enable your protections.

The new mbr.log should be this one:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


On Vista, don't forget to launch mbr.exe via right-click and Run as administrator.
Note: If the mbr.exe file is in Downloads, that works too and mbr.log will be written there.

then:

redo an OTL scan as previously requested
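
The "user:" and "kernel:" lines in mbr.log are the visible part of one comparison: the first sector is read once through the ordinary user-mode path and once from kernel mode, and if the two copies disagree, something between them is filtering what user mode sees. The Python below is an added example, not Gmer's code and not part of this thread; it builds a constructed 512-byte MBR, parses its partition table, compares two views of the sector the way that check does (an assumed simplification of the tool), and shows a restore step analogous to the "-f" option that puts known-good bootstrap code back while keeping the partition table currently on disk. Byte values, partition sizes and function names are all constructed for the illustration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
REGIONS = {
    "bootstrap": (0, PARTITION_TABLE_OFFSET),
    "partition_table": (PARTITION_TABLE_OFFSET, SIGNATURE_OFFSET),
    "signature": (SIGNATURE_OFFSET, SECTOR_SIZE),
}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def build_mbr(bootstrap: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a sector: bootstrap code, four 16-byte table entries, 0x55AA."""
    if len(bootstrap) > PARTITION_TABLE_OFFSET:
        raise ValueError("bootstrap code does not fit in front of the partition table")
    table = bytearray(SIGNATURE_OFFSET - PARTITION_TABLE_OFFSET)
    for p in partitions:
        # CHS fields are left zero; the LBA fields are what matters here.
        struct.pack_into(ENTRY_FMT, table, 16 * p.index, 0x80 if p.bootable else 0x00,
                         b"\0\0\0", p.type_id, b"\0\0\0", p.lba_start, p.sector_count)
    return bootstrap.ljust(PARTITION_TABLE_OFFSET, b"\0") + bytes(table) + BOOT_SIGNATURE


def parse_partitions(mbr: bytes) -> List[Partition]:
    if len(mbr) != SECTOR_SIZE or mbr[SIGNATURE_OFFSET:] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte sector ending in the 0x55AA boot signature")
    found = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype != 0:
            found.append(Partition(i, status == 0x80, ptype, lba, count))
    return found


def compare_views(user_view: Optional[bytes], kernel_view: bytes) -> Dict[str, object]:
    """Compare what user mode and kernel mode read of the same sector.

    A clean system returns identical bytes both ways. A hooked user-mode read path
    hands back a tidy copy while the kernel sees what is really on disk.
    """
    report: Dict[str, object] = {"regions_differ": [], "verdict": ""}
    if user_view is None:
        # The case in the mbr.log excerpts of this thread: "user: error reading MBR".
        report["verdict"] = "user-mode read failed, kernel view only: inconclusive, keep investigating"
        return report
    differing = [name for name, (a, b) in REGIONS.items() if user_view[a:b] != kernel_view[a:b]]
    report["regions_differ"] = differing
    report["verdict"] = ("user & kernel MBR OK" if not differing
                         else "user and kernel views differ in " + ", ".join(differing) + ": read path is filtered")
    return report


def restore_bootstrap(current: bytes, known_good: bytes) -> bytes:
    """Put known-good bootstrap code back while keeping the partition table now on disk."""
    return known_good[:PARTITION_TABLE_OFFSET] + current[PARTITION_TABLE_OFFSET:]


# Constructed sample data. Only the first instructions of CLEAN_BOOTSTRAP resemble a
# stock loader (xor ax,ax / mov ss,ax / mov sp,7C00h); ROOTKIT_STUB is a placeholder.
CLEAN_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
ROOTKIT_STUB = b"\xeb\xfe" + b"RKSTUB"
SAMPLE_PARTITIONS = [
    Partition(0, True, 0x07, 63, 20_480_000),
    Partition(1, False, 0x07, 20_480_063, 96_720_000),
]


def sample_clean_mbr() -> bytes:
    return build_mbr(CLEAN_BOOTSTRAP, SAMPLE_PARTITIONS)


def sample_infected_mbr() -> bytes:
    """Bootstrap replaced, partition table untouched so the machine still boots."""
    clean = sample_clean_mbr()
    return ROOTKIT_STUB.ljust(PARTITION_TABLE_OFFSET, b"\0") + clean[PARTITION_TABLE_OFFSET:]


if __name__ == "__main__":
    clean, infected = sample_clean_mbr(), sample_infected_mbr()
    print(parse_partitions(infected))
    print(compare_views(clean, infected)["verdict"])  # hooked read path: user mode sees the clean copy
    print(compare_views(None, infected)["verdict"])   # what the logs in this thread show
```

The infected sample keeps the partition table byte for byte, which is why the machine still boots and why parsing the table alone proves nothing; only the disagreement between the two views gives the detection away. A user-mode read that fails outright, as in the log posted in this thread, yields no second copy to compare, so the example reports it as inconclusive rather than clean, which is also why the helper moves on to another scan instead of declaring the disk fixed.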
Mat1981

when I launch mbr, Notepad shows me this message
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Anonymous user

ok, move on to OTL
Mat1981

here is the report
OTL logfile created on: 27/12/2009 12:27:26 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\emma & mat\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,00 Mb Total Physical Memory | 402,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,70 Gb Free Space | 7,16% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 4,20 Gb Free Space | 9,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: emma & mat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe
PRC - File not found -- C:\Program Files\Malware Defense\mdefense.exe
PRC - [2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
PRC - [2009/11/02 14:03:42 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- D:\Logiciels\internet\utorrent.exe
PRC - [2009/08/29 14:15:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/29 14:15:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
PRC - [2006/07/07 17:45:00 | 01,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2005/11/08 23:00:38 | 00,128,920 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2005/10/11 15:17:10 | 00,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/10/11 07:46:38 | 00,102,400 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2005/09/27 23:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/09/27 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/05/04 09:59:40 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/08/05 14:00:00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/05 14:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/05 14:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE
PRC - [2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
MOD - [2006/07/07 17:12:46 | 00,086,528 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SC2Hook.dll
MOD - [2004/08/05 14:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/05/08 10:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/29 14:15:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice)
SRV - [2009/07/20 17:17:36 | 00,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/11 07:46:38 | 00,102,400 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/09/27 23:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (MEMSWEEP2)
DRV - [2009/11/01 18:30:10 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fa6d8b4.sys -- (fa6d8b4)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:49:30 | 00,028,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/12/25 19:51:31 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/04/08 16:47:14 | 00,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/08 16:45:49 | 00,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/12/05 06:12:26 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/09/27 23:46:00 | 01,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/22 10:06:00 | 01,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 10:06:00 | 00,718,464 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 10:06:00 | 00,231,424 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/12 07:47:34 | 00,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/02 11:00:00 | 00,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 10:58:00 | 00,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/21 17:18:00 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/05/05 09:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 09:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 14:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/03/17 05:04:00 | 00,013,059 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/04/19 00:32:04 | 00,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 00,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espaceclient.bbox.bouyguestelecom.fr/compte/index.phtml
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://start.mozilla.org/en-us/"


[2009/07/05 11:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\emma & mat\Application Data\Mozilla\Firefox\Profiles\mer6q5bq.default\extensions

O1 HOSTS File: (794 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe File not found
O4 - HKCU..\Run: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] D:\Logiciels\internet\utorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2357b3cf-7f8d-4451-8d81-fd6097610aee} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {cafeefac-0016-0000-0015-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/27 12:13:40 | 00,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e22905a4-4ff9-11dc-ba14-0014a565ac02}\Shell\play\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2004/08/11 19:49:10 | 00,073,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/27 12:10:18 | 00,000,000 | ---D | C] -- C:\Kill'em
[2009/12/27 12:00:52 | 00,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
[2009/12/27 12:00:24 | 01,010,802 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\emma & mat\Bureau\List_Killem_Install.exe
[2009/12/27 11:42:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
[2009/12/27 11:08:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/12/27 11:08:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/12/27 10:54:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/27 10:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/12/27 10:40:19 | 00,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2009/12/27 03:45:37 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/12/27 03:45:37 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/27 03:45:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/12/22 11:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/21 00:30:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/12/21 00:30:37 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/12/21 00:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/20 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Windows Live
[2009/07/20 17:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/20 17:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/02 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/02 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/04/08 15:53:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/04/08 15:52:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/08 15:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/27 12:21:23 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\mbr.exe
[2009/12/27 12:13:40 | 00,000,004 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/27 12:10:52 | 00,000,794 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/27 12:00:52 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\List_Kill'em.lnk
[2009/12/27 12:00:38 | 01,026,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/27 12:00:38 | 00,471,484 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/27 12:00:38 | 00,404,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/27 12:00:38 | 00,076,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/27 12:00:38 | 00,063,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/27 12:00:24 | 01,010,802 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\emma & mat\Bureau\List_Killem_Install.exe
[2009/12/27 11:59:30 | 00,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
[2009/12/27 11:39:21 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/27 10:58:03 | 00,000,200 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/27 10:57:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/27 10:57:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 10:56:58 | 93,767,6800 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/27 10:56:15 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\emma & mat\NTUSER.DAT
[2009/12/27 10:56:15 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\emma & mat\ntuser.ini
[2009/12/27 10:34:15 | 03,867,085 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\ComboFix.exe
[2009/12/27 10:25:17 | 00,001,603 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\Malware Defense Support.lnk
[2009/12/27 10:25:17 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\Malware Defense.lnk
[2009/12/27 03:45:56 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009/12/26 14:27:19 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 18:43:50 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/21 11:56:44 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu 2.wps
[2009/12/20 20:01:50 | 00,048,369 | ---- | M] () -- C:\Documents and Settings\emma & mat\temps11.vbs
[2009/12/20 20:01:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\emma & mat\temp1.6
[2009/12/20 15:22:01 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\emma & mat\winternet.exe
[2009/12/20 15:22:00 | 00,000,015 | ---- | M] () -- C:\WINDOWS\System32\prncnfgd
[2009/12/17 10:46:07 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu.wps
[2009/12/14 00:03:50 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\emma & mat\PUTTY.RND
[2009/12/02 20:43:12 | 02,095,959 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\postevoiture.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 12:21:22 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\mbr.exe
[2009/12/27 12:00:52 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\List_Kill'em.lnk
[2009/12/27 10:34:15 | 03,867,085 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\ComboFix.exe
[2009/12/27 10:25:17 | 00,001,603 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\Malware Defense Support.lnk
[2009/12/27 10:25:17 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\Malware Defense.lnk
[2009/12/27 03:45:56 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009/12/27 03:03:45 | 00,000,200 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/21 11:56:44 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu 2.wps
[2009/12/20 20:01:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\emma & mat\temp1.6
[2009/12/20 15:22:01 | 00,099,328 | ---- | C] () -- C:\Documents and Settings\emma & mat\winternet.exe
[2009/12/20 15:22:00 | 00,000,015 | ---- | C] () -- C:\WINDOWS\System32\prncnfgd
[2009/12/17 10:46:07 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu.wps
[2009/12/02 20:43:09 | 02,095,959 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\postevoiture.jpg
[2009/07/06 14:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fa6d8b4.sys
[2009/01/21 23:32:46 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/21 23:32:46 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/07 17:28:35 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
[2008/12/07 17:28:35 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\emma & mat\Application Data\Sound Effects
[2008/12/07 17:28:35 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/12/07 17:28:35 | 00,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2007/05/30 17:18:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/04/03 13:00:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/04/03 13:00:38 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/11/28 22:44:34 | 00,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/28 22:44:34 | 00,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/11/28 22:44:34 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/11/28 16:21:43 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2006/11/28 16:21:43 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2006/11/26 14:53:25 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2006/11/26 14:43:10 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/20 17:02:07 | 00,069,632 | ---- | C] () -- C:\WINDOWS\DSKSCR.DLL
[2006/04/08 18:25:08 | 00,003,844 | ---- | C] () -- C:\Documents and Settings\emma & mat\Application Data\wklnhst.dat
[2006/04/08 17:47:59 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2006/04/08 17:46:40 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/08 16:50:34 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2006/04/08 16:47:13 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/04/08 16:45:49 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/04/08 16:45:49 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3405.sys
[2006/04/08 16:26:05 | 00,134,144 | ---- | C] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 16:16:45 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\fusioncache.dat
[2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2000/01/27 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/14 11:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >
0
Mat1981 > Mat1981
 
I get the impression that it isn't getting any better... I'm receiving virus infection messages from the malware program that installed itself... what should I do?
0
Utilisateur anonyme
 
The report is not complete; send it via cijoint.fr.
0
Mat1981
 
here is the link
http://www.cijoint.fr/cjlink.php?file=cj200912/cijiCwrPhW.txt
0
Mat1981 > Mat1981
 
The PC has been restarted. I no longer get the message, but the antivirus still won't start. What should I do?
0
Utilisateur anonyme
 
▶ Click the Start menu / Control Panel / Folder Options / then the View tab
* - Check "Show hidden files and folders"
* - Uncheck "Hide extensions for known file types"
* - Uncheck "Hide protected operating system files (Recommended)"

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once the disinfection is finished; it's important.

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

C:\WINDOWS\System32\drivers\sptd3405.sys

* Now click Send file, and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new window of your browser will appear
* Then click on the two arrows
* Right-click on the page and choose Select all, then Copy
* Finally paste the result into your next reply.

Note: To analyse another file, click Other file at the bottom.

then:

▶ Double-click OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
wscsvc32.exe
richtx64.exe
mdefense.exe

:OTL
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe
PRC - File not found -- C:\Program Files\Malware Defense\mdefense.exe
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe File not found
O4 - HKU\S-1-5-21-436374069-813497703-839522115-1004..\Run: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe File not found
O4 - HKU\S-1-5-21-436374069-813497703-839522115-1004..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O16 - DPF: {2357b3cf-7f8d-4451-8d81-fd6097610aee} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe (Reg Error: Key error.)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {cafeefac-0016-0000-0015-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)


:files
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE
C:\Documents and Settings\emma & mat\Bureau\List_Killem_Install.exe
C:\WINDOWS\System32\srcr.dat
C:\Documents and Settings\emma & mat\Bureau\ComboFix.exe
C:\Documents and Settings\emma & mat\Bureau\Malware Defense Support.lnk
C:\Documents and Settings\emma & mat\Bureau\Malware Defense.lnk
C:\Documents and Settings\All Users\Application Data\EnterNHelp
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
C:\Documents and Settings\All Users\Application Data\SSScanWizard

:commands
[emptytemp]
[start explorer]
[reboot]



▶ Click RunFix to start the removal.


▶ Post the report.
0
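Added example, not part of the thread and not OTL's own code: a small Python triage that reads OTL report lines of the shapes shown above (PRC, O2 BHO, O4 Run) and flags the entries the helper moved into the fix script (Run targets reported "File not found", BHOs with no CLSID value, processes reported missing or running from a Temp folder), then renders them in the :processes / :OTL / :commands layout. The sample report lines are constructed.

```python
"""Triage of OTL report lines into an OTL fix script (added example, not OTL's
own code). Parses the PRC, O2 (BHO) and O4 (Run) line shapes from the report
above and flags the entries a helper would move into a fix; sample is constructed."""
import os
from typing import Dict, List, Optional

MISSING = "File not found"

# Constructed sample report, using the same line shapes as the OTL log above.
SAMPLE_REPORT = r"""
PRC - [2009/12/27 11:42:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe -- (OTL)
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe
PRC - [2009/12/27 10:25:17 | 00,099,328 | ---- | M] () -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe -- (richtx64.exe)
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe File not found
O4 - HKCU..\Run: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"""

def image_name(path: str) -> str:
    """Last component of a Windows path (the process image name)."""
    return os.path.basename(path.replace("\\", "/"))

def parse_process(line: str) -> Optional[Dict[str, object]]:
    """PRC line: 'PRC - <stamp or File not found> -- <path> [-- (<name>)]'."""
    if not line.startswith("PRC - ") or " -- " not in line:
        return None
    head, path = line.split(" -- ", 1)
    path = path.split(" -- ", 1)[0]          # drop the trailing '-- (name)' if present
    return {
        "path": path,
        "missing": MISSING in head,           # OTL could not stat the image on disk
        "from_temp": "\\temp\\" in path.lower(),  # heuristic: running from a Temp folder
    }

def parse_bho(line: str) -> Optional[Dict[str, object]]:
    """O2 line: 'O2 - BHO: (<name>) - {<clsid>} - <dll> (<company>)' or '... - No CLSID value found.'"""
    if not line.startswith("O2 - BHO: "):
        return None
    parts = line[len("O2 - BHO: "):].split(" - ", 2)
    if len(parts) != 3:
        return None
    name, clsid, target = parts
    return {"name": name.strip("()"), "clsid": clsid, "target": target,
            "orphaned": target.startswith("No CLSID value found")}

def parse_run_entry(line: str) -> Optional[Dict[str, object]]:
    """O4 line: 'O4 - <hive>..\\Run: [<name>] <path> (<company>)' or '... <path> File not found'."""
    if not line.startswith("O4 - ") or ": [" not in line:
        return None                           # e.g. 'O4 - Startup:' lines use another shape
    key, rest = line[5:].split(": [", 1)
    if "] " not in rest:
        return None
    name, target = rest.split("] ", 1)
    entry: Dict[str, object] = {"key": key, "name": name, "path": target,
                                "company": "", "missing": False}
    if target.endswith(" " + MISSING):
        entry["path"] = target[: -len(MISSING) - 1]
        entry["missing"] = True
    elif target.endswith(")") and " (" in target:
        path, company = target.rsplit(" (", 1)
        entry["path"], entry["company"] = path, company[:-1]
    return entry

def triage(report: str) -> Dict[str, List[str]]:
    """Return the process names to stop and the report lines to hand to OTL for removal."""
    kill: List[str] = []
    remove: List[str] = []
    for raw in report.splitlines():
        line = raw.strip()
        proc = parse_process(line)
        if proc and (proc["missing"] or proc["from_temp"]):
            kill.append(image_name(str(proc["path"])))
            remove.append(line)
            continue
        run = parse_run_entry(line)
        if run and run["missing"]:
            kill.append(image_name(str(run["path"])))  # in case the hidden image is running
            remove.append(line)
            continue
        bho = parse_bho(line)
        if bho and bho["orphaned"]:
            remove.append(line)
    return {"processes": list(dict.fromkeys(kill)), "otl": remove}

def build_fix_script(findings: Dict[str, List[str]]) -> str:
    """Render findings in the fix layout used in the thread; :files is left to the helper."""
    lines = [":processes", "explorer.exe", *findings["processes"], "",
             ":OTL", *findings["otl"], "",
             ":commands", "[emptytemp]", "[start explorer]", "[reboot]"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_fix_script(triage(SAMPLE_REPORT)), end="")
```

The Temp-folder heuristic and the missing-image check are starting points for a human review of the report, not a verdict on their own.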
Mat1981
 
When I try to run the analysis with VirusTotal, I select the file you told me, but it gives me a message
0 bytes size received / Se ha recibido un archivo vacio
0
Utilisateur anonyme
 
OK, move on to OTL
0
Mat1981
 
Sorry, but I copy the list in bold, paste it into the box and then launch RunFix, but as soon as I launch it the program goes to "Not responding", and the icons on my desktop disappear along with my taskbar... What should I do?
0
Utilisateur anonyme
 
let it run, it's working
0
Mat1981
 
Since it's a bit long, I won't have time right now. I'll run it tonight. I'll send you the report tomorrow. Thanks again
0
Utilisateur anonyme
 
OK, I would like to examine this file more closely:

C:\WINDOWS\System32\drivers\sptd3405.sys

right-click on it / Send to / Compressed (zipped) folder, then

To send me the archive, click on this link: http://www.cijoint.fr/

▶ Click Browse and look for the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.
0
Mat1981
 
When I try the compressed folder, it says file not found or read not permitted
0
Utilisateur anonyme
 
can you give me its properties (right-click)?
0
Mat1981
 
here are the file's properties
file type: system file
opens with: unknown application
what else do you want to know?



otherwise, here is the OTL report
========== PROCESSES ==========
Process explorer.exe killed successfully!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
No active process named wscsvc32.exe was found!
No active process named richtx64.exe was found!
No active process named mdefense.exe was found!

OTL by OldTimer - Version 3.1.20.1 log created on 12272009_204539
0
Utilisateur anonyme
 
▶ Download: Gmer (by Przemyslaw Gmerek)


▶ Unzip gmer, click the Rootkit tab, launch the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear, post it to me)

Then

▶ on the red lines:

▶ Services: right-click, delete service
▶ Process: right-click, kill process
▶ Adl, file: right-click, delete files
0
Mat1981
 
OK, but after downloading gmer and unzipping it, I double-click but nothing launches
0
Utilisateur anonyme
 

/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\

▶ Above all, when saving, remember to rename Combofix to "yourfirstname.exe"

_______________________________________________________________
>This program is only to be used when prescribed by a qualified helper trained on the tool.<
>>>>>>>Do not use outside of that situation: dangerous!<<<<<<<<
======================================================


▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

or renamed:

http://ww38.toofiles.com/fr/oip/documents/exe/reader_sl.html , then download reader_sl

http://www.cijoint.fr/cjlink.php?file=cj200912/cijrhf1tyT.zip (to be unzipped)

Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is in use, disable
>>the real-time protection of your antivirus and your antispyware programs,
>>which can seriously interfere with the tool's search and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ don't forget to re-enable the guard of your antivirus and antispyware programs before reconnecting to the internet.

>> Come back to the forum, and

▶ copy and paste the entire contents of C:\Combofix.txt into your next message.

0
Mat1981
 
here is the ComboFix report
ComboFix 09-12-26.05 - emma & mat 27/12/2009 21:35:12.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.586 [GMT 1:00]
Lancé depuis: c:\documents and settings\emma
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\emma & mat\winternet.exe
c:\windows\system32\drivers\H8SRTmivamecbrx.sys
c:\windows\system32\H8SRTdpxylnbmnq.dll
c:\windows\system32\H8SRTglyxgiltoq.dll
c:\windows\system32\H8SRTrdgnkdqyxv.dat
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 ))))))))))))))))))))))))))))))))))))
.

2009-12-27 17:34 . 2009-12-27 17:36 22 ----a-w- c:\windows\system32\drivers\sptd3405.zip
2009-12-27 14:10 . 2009-12-27 14:10 -------- d-----w- C:\_OTL
2009-12-27 13:29 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-27 13:29 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-27 13:29 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-27 13:29 . 2009-12-27 13:29 -------- d-----w- c:\program files\Avira
2009-12-27 13:29 . 2009-12-27 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-27 11:10 . 2009-12-27 11:10 -------- d-----w- C:\Kill'em
2009-12-27 11:00 . 2009-12-27 11:00 -------- d-----w- c:\program files\List_Kill'em
2009-12-27 10:08 . 2009-12-27 10:08 -------- d-----w- c:\windows\BDOSCAN8
2009-12-27 09:48 . 2009-12-27 09:48 -------- d-----w- c:\program files\Navilog1
2009-12-27 09:40 . 2009-12-27 10:22 -------- d-----w- c:\program files\ZHPDiag
2009-12-22 10:37 . 2009-12-22 10:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-20 23:30 . 2009-12-20 23:30 3584 ----a-r- c:\documents and settings\emma & mat\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-12-20 23:30 . 2009-12-20 23:30 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-12-20 23:30 . 2009-12-20 23:31 -------- d-----w- c:\program files\MSECACHE
2009-12-20 23:12 . 2009-12-20 23:39 -------- d-----w- c:\program files\Windows Live
2009-12-20 22:52 . 2009-12-20 22:52 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-12-02 22:27 . 2004-08-03 21:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-02 22:27 . 2004-08-03 21:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 20:30 . 2004-08-05 13:00 76582 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-27 20:30 . 2004-08-05 13:00 471484 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-27 20:26 . 2009-07-03 19:28 -------- d-----w- c:\documents and settings\emma & mat\Application Data\uTorrent
2009-12-27 15:12 . 2009-07-02 19:21 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 17:13 . 2006-04-08 15:37 -------- d-----w- c:\documents and settings\emma & mat\Application Data\OpenOffice.org2
2009-12-22 22:01 . 2009-09-03 14:57 -------- d-----w- c:\program files\Microsoft
2009-12-22 17:43 . 2008-12-07 16:28 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-22 17:22 . 2009-12-20 14:22 0 ----a-w- c:\documents and settings\emma & mat\errorlog.tmp
2009-12-20 19:01 . 2009-07-01 00:04 48369 ----a-w- c:\documents and settings\emma & mat\temps11.vbs
2009-11-01 17:30 . 2009-07-06 13:26 0 ----a-w- c:\windows\system32\drivers\fa6d8b4.sys
2009-10-27 15:06 . 2009-10-27 15:06 152576 ----a-w- c:\documents and settings\emma & mat\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"uTorrent"="d:\logiciels\internet\utorrent.exe" [2009-11-02 289072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\emma & mat\\Bureau\\IEXPLORE.EXE"=
"d:\\Logiciels\\internet\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/12/2009 14:29 108289]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [08/04/2006 16:04 231424]
S1 fa6d8b4;fa6d8b4;c:\windows\system32\drivers\fa6d8b4.sys [06/07/2009 14:26 0]
S3 bfastfao;bfastfao;\??\c:\docume~1\EMMA&M~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\EMMA&M~1\LOCALS~1\Temp\bfastfao.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\19.tmp --> c:\windows\system32\19.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/04/2006 16:45 664064]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.espaceclient.bbox.bouyguestelecom.fr/compte/index.phtml
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: {2357b3cf-7f8d-4451-8d81-fd6097610aee} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKLM-Run-VVSN - c:\program files\VVSN\VVSN.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 21:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?0?3??????? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\EMMA&M~1\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\19.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-436374069-813497703-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(748)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HPQ\shared\hpqwmi.exe
.
**************************************************************************
.
Heure de fin: 2009-12-27 21:45:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-27 20:45

Avant-CF: 650 399 744 octets libres
Après-CF: 1 243 398 144 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 4D91175C8156E3E827FDB30F8B7701E8
0
Mat1981 > Mat1981
 
FYI, I got my Avira icon back in the taskbar... everything is back to how it was before.
Can I uninstall all the programs I downloaded? ComboFix, OTL...
0
Utilisateur anonyme
 
▶ Double-click OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
wscsvc32.exe
richtx64.exe
mdefense.exe

:services
mchInjDrv
MEMSWEEP2

:OTL
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe
PRC - File not found -- C:\Program Files\Malware Defense\mdefense.exe
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe File not found
O4 - HKU\S-1-5-21-436374069-813497703-839522115-1004..\Run: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe File not found
O4 - HKU\S-1-5-21-436374069-813497703-839522115-1004..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O16 - DPF: {2357b3cf-7f8d-4451-8d81-fd6097610aee} http://activex.camfrogweb.com/ (Reg Error: Key error.)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {cafeefac-0016-0000-0015-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)


:files
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE
C:\Documents and Settings\emma & mat\Bureau\List_Killem_Install.exe
C:\WINDOWS\System32\srcr.dat
C:\Documents and Settings\emma & mat\Bureau\ComboFix.exe
C:\Documents and Settings\emma & mat\Bureau\Malware Defense Support.lnk
C:\Documents and Settings\emma & mat\Bureau\Malware Defense.lnk
C:\Documents and Settings\All Users\Application Data\EnterNHelp
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
C:\Documents and Settings\All Users\Application Data\SSScanWizard

:commands
[emptytemp]
[start explorer]
[reboot]



▶ Click RunFix to start the removal.


▶ Post the report.
0
Mat1981
 
every time I launch OTL, it hangs when it reaches the line
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe

also, when the PC starts up, an error window opens telling me it can't launch DAEMON Tools
0
Utilisateur anonyme
 
ok, run it again without these 3 lines:

PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\wscsvc32.exe
PRC - File not found -- C:\DOCUME~1\EMMA&M~1\LOCALS~1\Temp\richtx64.exe
PRC - File not found -- C:\Program Files\Malware Defense\mdefense.exe
0
Mat1981
 
I ran the program without the 3 lines. It worked for a while and then made me reboot. However, I don't have a report.
0
Utilisateur anonyme
 
the report:

C:\_OTL\Moved Files\date_heure.txt
0
Mat1981
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
No active process named wscsvc32.exe was found!
No active process named richtx64.exe was found!
No active process named mdefense.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named mchInjDrv was found to stop!
Unable to stop service mchInjDrv!
Error: No service named MEMSWEEP2 was found to stop!
Unable to stop service MEMSWEEP2!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c255c8a-e604-49b4-9d64-90988571cecb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c255c8a-e604-49b4-9d64-90988571cecb}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VVSN not found.
Registry value HKEY_USERS\S-1-5-21-436374069-813497703-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Malware Defense not found.
Registry value HKEY_USERS\S-1-5-21-436374069-813497703-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr not found.
Starting removal of ActiveX control {2357b3cf-7f8d-4451-8d81-fd6097610aee}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2357b3cf-7f8d-4451-8d81-fd6097610aee}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2357b3cf-7f8d-4451-8d81-fd6097610aee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2357b3cf-7f8d-4451-8d81-fd6097610aee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2357b3cf-7f8d-4451-8d81-fd6097610aee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2357b3cf-7f8d-4451-8d81-fd6097610aee}\ not found.
Starting removal of ActiveX control {8ad9c840-044e-11d1-b3e9-00805f499d93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8ad9c840-044e-11d1-b3e9-00805f499d93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c840-044e-11d1-b3e9-00805f499d93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8ad9c840-044e-11d1-b3e9-00805f499d93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8ad9c840-044e-11d1-b3e9-00805f499d93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c840-044e-11d1-b3e9-00805f499d93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {cafeefac-0016-0000-0015-abcdeffedcba}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{cafeefac-0016-0000-0015-abcdeffedcba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafeefac-0016-0000-0015-abcdeffedcba}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{cafeefac-0016-0000-0015-abcdeffedcba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{cafeefac-0016-0000-0015-abcdeffedcba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafeefac-0016-0000-0015-abcdeffedcba}\ not found.
Starting removal of ActiveX control {cafeefac-ffff-ffff-ffff-abcdeffedcba}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{cafeefac-ffff-ffff-ffff-abcdeffedcba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafeefac-ffff-ffff-ffff-abcdeffedcba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{cafeefac-ffff-ffff-ffff-abcdeffedcba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafeefac-ffff-ffff-ffff-abcdeffedcba}\ not found.
========== FILES ==========
C:\Documents and Settings\emma & mat\Bureau\IEXPLORE.EXE moved successfully.
File\Folder C:\Documents and Settings\emma & mat\Bureau\List_Killem_Install.exe not found.
File\Folder C:\WINDOWS\System32\srcr.dat not found.
File\Folder C:\Documents and Settings\emma & mat\Bureau\ComboFix.exe not found.
File\Folder C:\Documents and Settings\emma & mat\Bureau\Malware Defense Support.lnk not found.
File\Folder C:\Documents and Settings\emma & mat\Bureau\Malware Defense.lnk not found.
C:\Documents and Settings\All Users\Application Data\EnterNHelp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SSScanWizard folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: emma & mat
->Temp folder emptied: 2750562 bytes
->Temporary Internet Files folder emptied: 5435213 bytes
->Java cache emptied: 71884500 bytes
->FireFox cache emptied: 4918612 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 9986 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12272009_224412
0
Utilisateur anonyme
 
update your Windows, then run another OTL scan please
0
Mat1981
 
here is the report after the OTL scan
OTL logfile created on: 28/12/2009 09:59:43 - Run 4
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\emma & mat\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,00 Mb Total Physical Memory | 511,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,24 Gb Free Space | 2,49% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 4,20 Gb Free Space | 9,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: emma & mat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/27 16:12:32 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/27 16:12:32 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
PRC - [2009/11/02 14:03:42 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- D:\Logiciels\internet\utorrent.exe
PRC - [2009/08/29 14:15:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/29 14:15:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
PRC - [2006/07/07 17:45:00 | 01,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2005/10/11 15:17:10 | 00,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/10/11 07:46:38 | 00,102,400 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2005/09/27 23:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/09/27 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/05/04 09:59:40 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/08/05 14:00:00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
MOD - [2006/07/07 17:12:46 | 00,086,528 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SC2Hook.dll
MOD - [2004/08/05 14:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/05/08 10:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/27 16:12:32 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/27 16:12:32 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/29 14:15:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice)
SRV - [2009/07/20 17:17:36 | 00,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/11 07:46:38 | 00,102,400 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/09/27 23:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/27 16:12:32 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/27 16:12:32 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/01 18:30:10 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fa6d8b4.sys -- (fa6d8b4)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006/12/25 19:51:31 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/04/08 16:47:14 | 00,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/08 16:45:49 | 00,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2005/12/05 06:12:26 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/09/27 23:46:00 | 01,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/22 10:06:00 | 01,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 10:06:00 | 00,718,464 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 10:06:00 | 00,231,424 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/12 07:47:34 | 00,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/02 11:00:00 | 00,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 10:58:00 | 00,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/21 17:18:00 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/05/05 09:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 09:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 14:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/03/17 05:04:00 | 00,013,059 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/04/19 00:32:04 | 00,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 00,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espaceclient.bbox.bouyguestelecom.fr/compte/index.phtml
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://start.mozilla.org/en-us/"


[2009/07/05 11:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\emma & mat\Application Data\Mozilla\Firefox\Profiles\mer6q5bq.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] D:\Logiciels\internet\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/27 12:13:40 | 00,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/12/28 00:09:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\emma & mat\PrivacIE
[2009/12/28 00:09:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\emma & mat\IETldCache
[2009/12/28 00:01:33 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/28 00:01:33 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/28 00:01:33 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/28 00:01:33 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/28 00:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/28 00:01:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/27 23:59:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/27 23:59:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/12/27 23:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/12/27 22:00:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/27 21:58:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/27 21:52:54 | 00,017,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/27 21:28:08 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/27 21:26:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/27 21:26:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/27 21:26:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/27 21:26:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/27 21:26:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/27 21:25:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/27 15:10:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/27 14:29:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/12/27 14:29:30 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/12/27 14:29:30 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/27 14:29:30 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/12/27 14:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/12/27 14:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/12/27 11:42:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
[2009/12/27 11:08:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/12/27 10:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/12/22 11:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/21 00:30:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/12/21 00:30:37 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/12/21 00:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/20 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Windows Live
[2009/12/02 23:27:48 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/07/20 17:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/20 17:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/02 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/02 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/04/08 15:53:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/04/08 15:52:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/08 15:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/28 09:59:28 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\emma & mat\NTUSER.DAT
[2009/12/28 09:57:48 | 00,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/28 09:57:41 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/28 09:57:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 09:57:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 09:57:23 | 93,767,6800 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 00:13:20 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\emma & mat\ntuser.ini
[2009/12/28 00:08:47 | 00,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/28 00:04:41 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/27 22:44:22 | 00,471,484 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/27 22:44:22 | 00,404,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/27 22:44:22 | 00,076,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/27 22:44:22 | 00,063,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/27 22:44:21 | 01,026,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/27 21:41:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/27 21:41:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/27 21:28:12 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/12/27 18:36:01 | 00,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd3405.zip
[2009/12/27 16:12:32 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/27 16:12:32 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/27 12:13:40 | 00,000,004 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
[2009/12/26 14:27:19 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 18:43:50 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/21 11:56:44 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu 2.wps
[2009/12/20 20:01:50 | 00,048,369 | ---- | M] () -- C:\Documents and Settings\emma & mat\temps11.vbs
[2009/12/20 20:01:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\emma & mat\temp1.6
[2009/12/20 15:22:00 | 00,000,015 | ---- | M] () -- C:\WINDOWS\System32\prncnfgd
[2009/12/17 10:46:07 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu.wps
[2009/12/14 00:03:50 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\emma & mat\PUTTY.RND
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/02 20:43:12 | 02,095,959 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\postevoiture.jpg
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/27 21:28:12 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/12/27 21:28:08 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/12/27 21:26:59 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/27 21:26:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/27 21:26:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/27 21:26:59 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/27 21:26:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/27 18:34:41 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3405.zip
[2009/12/21 11:56:44 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu 2.wps
[2009/12/20 20:01:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\emma & mat\temp1.6
[2009/12/20 15:22:00 | 00,000,015 | ---- | C] () -- C:\WINDOWS\System32\prncnfgd
[2009/12/17 10:46:07 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu.wps
[2009/12/02 20:43:09 | 02,095,959 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\postevoiture.jpg
[2009/07/06 14:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fa6d8b4.sys
[2009/01/21 23:32:46 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/21 23:32:46 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/07 17:28:35 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
[2008/12/07 17:28:35 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\emma & mat\Application Data\Sound Effects
[2008/12/07 17:28:35 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/12/07 17:28:35 | 00,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2007/05/30 17:18:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/04/03 13:00:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/04/03 13:00:38 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/11/28 22:44:34 | 00,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/28 22:44:34 | 00,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/11/28 22:44:34 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/11/28 16:21:43 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2006/11/28 16:21:43 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2006/11/26 14:53:25 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2006/11/26 14:43:10 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/20 17:02:07 | 00,069,632 | ---- | C] () -- C:\WINDOWS\DSKSCR.DLL
[2006/04/08 18:25:08 | 00,003,844 | ---- | C] () -- C:\Documents and Settings\emma & mat\Application Data\wklnhst.dat
[2006/04/08 17:47:59 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2006/04/08 17:46:40 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/08 16:50:34 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2006/04/08 16:26:05 | 00,134,144 | ---- | C] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 16:16:45 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\fusioncache.dat
[2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2000/01/27 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/14 11:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >
0
Mat1981
 
Here is the report after the OTL scan
OTL logfile created on: 28/12/2009 09:59:43 - Run 4
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\emma & mat\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,00 Mb Total Physical Memory | 511,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,24 Gb Free Space | 2,49% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 4,20 Gb Free Space | 9,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: emma & mat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/12/27 16:12:32 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/27 16:12:32 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
PRC - [2009/11/02 14:03:42 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- D:\Logiciels\internet\utorrent.exe
PRC - [2009/08/29 14:15:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/29 14:15:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
PRC - [2006/07/07 17:45:00 | 01,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2005/10/11 15:17:10 | 00,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/10/11 07:46:38 | 00,102,400 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2005/09/27 23:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/09/27 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/05/04 09:59:40 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/08/05 14:00:00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
MOD - [2006/07/07 17:12:46 | 00,086,528 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SC2Hook.dll
MOD - [2004/08/05 14:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/05/08 10:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/12/27 16:12:32 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/27 16:12:32 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/29 14:15:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice)
SRV - [2009/07/20 17:17:36 | 00,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/11 07:46:38 | 00,102,400 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/09/27 23:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009/12/27 16:12:32 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/27 16:12:32 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/01 18:30:10 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fa6d8b4.sys -- (fa6d8b4)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006/12/25 19:51:31 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/04/08 16:47:14 | 00,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/08 16:45:49 | 00,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2005/12/05 06:12:26 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/09/27 23:46:00 | 01,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/22 10:06:00 | 01,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 10:06:00 | 00,718,464 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 10:06:00 | 00,231,424 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/12 07:47:34 | 00,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/02 11:00:00 | 00,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 10:58:00 | 00,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/21 17:18:00 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/05/05 09:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 09:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 14:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/03/17 05:04:00 | 00,013,059 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/04/19 00:32:04 | 00,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 00,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espaceclient.bbox.bouyguestelecom.fr/compte/index.phtml
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "https://start.mozilla.org/en-us/"


[2009/07/05 11:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\emma & mat\Application Data\Mozilla\Firefox\Profiles\mer6q5bq.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] D:\Logiciels\internet\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/27 12:13:40 | 00,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/12/28 00:09:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\emma & mat\PrivacIE
[2009/12/28 00:09:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\emma & mat\IETldCache
[2009/12/28 00:01:33 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/28 00:01:33 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/28 00:01:33 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/28 00:01:33 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/28 00:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/28 00:01:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/27 23:59:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/27 23:59:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/12/27 23:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/12/27 22:00:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/27 21:58:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/27 21:52:54 | 00,017,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/27 21:28:08 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/27 21:26:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/27 21:26:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/27 21:26:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/27 21:26:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/27 21:26:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/27 21:25:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/27 15:10:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/27 14:29:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/12/27 14:29:30 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/12/27 14:29:30 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/27 14:29:30 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/12/27 14:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/12/27 14:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/12/27 11:42:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
[2009/12/27 11:08:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/12/27 10:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/12/22 11:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/21 00:30:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/12/21 00:30:37 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/12/21 00:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/20 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Windows Live
[2009/12/02 23:27:48 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/07/20 17:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/20 17:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/02 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/02 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/04/08 15:53:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/04/08 15:52:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/08 15:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/28 09:59:28 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\emma & mat\NTUSER.DAT
[2009/12/28 09:57:48 | 00,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/28 09:57:41 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/28 09:57:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 09:57:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 09:57:23 | 93,767,6800 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 00:13:20 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\emma & mat\ntuser.ini
[2009/12/28 00:08:47 | 00,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/28 00:04:41 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/27 22:44:22 | 00,471,484 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/27 22:44:22 | 00,404,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/27 22:44:22 | 00,076,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/27 22:44:22 | 00,063,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/27 22:44:21 | 01,026,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/27 21:41:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/27 21:41:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/27 21:28:12 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/12/27 18:36:01 | 00,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd3405.zip
[2009/12/27 16:12:32 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/27 16:12:32 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/27 12:13:40 | 00,000,004 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/27 11:43:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\emma & mat\Bureau\OTL.exe
[2009/12/26 14:27:19 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 18:43:50 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/21 11:56:44 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu 2.wps
[2009/12/20 20:01:50 | 00,048,369 | ---- | M] () -- C:\Documents and Settings\emma & mat\temps11.vbs
[2009/12/20 20:01:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\emma & mat\temp1.6
[2009/12/20 15:22:00 | 00,000,015 | ---- | M] () -- C:\WINDOWS\System32\prncnfgd
[2009/12/17 10:46:07 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu.wps
[2009/12/14 00:03:50 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\emma & mat\PUTTY.RND
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/02 20:43:12 | 02,095,959 | ---- | M] () -- C:\Documents and Settings\emma & mat\Bureau\postevoiture.jpg
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/27 21:28:12 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/12/27 21:28:08 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/12/27 21:26:59 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/27 21:26:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/27 21:26:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/27 21:26:59 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/27 21:26:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/27 18:34:41 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3405.zip
[2009/12/21 11:56:44 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu 2.wps
[2009/12/20 20:01:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\emma & mat\temp1.6
[2009/12/20 15:22:00 | 00,000,015 | ---- | C] () -- C:\WINDOWS\System32\prncnfgd
[2009/12/17 10:46:07 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\proposition de menu.wps
[2009/12/02 20:43:09 | 02,095,959 | ---- | C] () -- C:\Documents and Settings\emma & mat\Bureau\postevoiture.jpg
[2009/07/06 14:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fa6d8b4.sys
[2009/01/21 23:32:46 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/21 23:32:46 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/07 17:28:35 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
[2008/12/07 17:28:35 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\emma & mat\Application Data\Sound Effects
[2008/12/07 17:28:35 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/12/07 17:28:35 | 00,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2007/05/30 17:18:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/04/03 13:00:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/04/03 13:00:38 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/11/28 22:44:34 | 00,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/28 22:44:34 | 00,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/11/28 22:44:34 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/11/28 16:21:43 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2006/11/28 16:21:43 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2006/11/26 14:53:25 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2006/11/26 14:43:10 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/20 17:02:07 | 00,069,632 | ---- | C] () -- C:\WINDOWS\DSKSCR.DLL
[2006/04/08 18:25:08 | 00,003,844 | ---- | C] () -- C:\Documents and Settings\emma & mat\Application Data\wklnhst.dat
[2006/04/08 17:47:59 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2006/04/08 17:46:40 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/08 16:50:34 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2006/04/08 16:26:05 | 00,134,144 | ---- | C] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 16:16:45 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\emma & mat\Local Settings\Application Data\fusioncache.dat
[2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2000/01/27 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/14 11:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >
0
Utilisateur anonyme
 
You didn't tick the right boxes.

Redo it with OTL as shown here:

https://forums.commentcamarche.net/forum/affich-15851466-probleme-avec-rootkit-wiin32-agent-pp#1
0
Mat1981
 
OK, did you receive the new report?
0
Mat1981 > Mat1981
 
Here is the cijoint address:
http://www.cijoint.fr/cjlink.php?file=cj200912/cijhudHEL8.txt
0
Utilisateur anonyme
 
▶ Click the Start menu / Control Panel / Folder Options, then open the View tab
* - Tick "Show hidden files and folders"
* - Untick "Hide extensions for known file types"
* - Untick "Hide protected operating system files (Recommended)"

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important.

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

C:\WINDOWS\System32\drivers\fa6d8b4.sys

* Now click Send file and let it work as long as "Current status: analysing" is displayed.
* The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted.
* A new browser window will appear.
* Then click the two arrows.
* Right-click the page and choose Select All, then Copy.
* Finally, paste the result in your next reply.

Note: To analyse another file, click Other file at the bottom.

Then:

▶ Double-click OTL.exe to launch it.

▶ Copy the list below (shown in bold),

▶ and paste it in the box under Custom Scans/Fixes:



:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:services
Planificateur LiveUpdate automatique

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-813497703-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

:files
C:\WINDOWS\System32\drivers\sptd3405.zip
C:\WINDOWS\System32\drivers\etc\hosts.ics
C:\Documents and Settings\emma & mat\Application Data\AquaNox

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click RunFix to launch the removal.

▶ Post the report.
0
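Two artefacts in this thread lend themselves to scripting: the OTL report entries posted above (the zero-byte fa6d8b4.sys the helper sends to VirusTotal, the stray sptd3405.zip sitting in the drivers folder) and the OTL fix script just posted. The Python below is an added example and is not code from the thread, from OTL or from OldTimer. It parses the file-entry lines of an OTL report, flags files directly under System32\drivers that have no vendor string, are not .sys files or are empty, splits a fix script into its ':section' blocks, checks that each :files target was actually seen in the scan, and decodes the NoDriveTypeAutoRun mask the :reg section sets. The sample report lines and fix script are excerpts copied from this thread; the function, class and field names are my own.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# One file entry per line in the Files/Folders sections of an OTL report, e.g.
# [2009/07/06 14:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fa6d8b4.sys
# fields: timestamp | size | attributes (R/H/S/D) | C(reated)/M(odified)] (vendor) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class Entry:          # hypothetical name, not an OTL type
    timestamp: str
    size: int
    attrs: str
    kind: str         # "C" created within the window, "M" modified within it
    company: str      # vendor from the file's version resource; empty when absent
    path: str


def parse_entries(report: str) -> list[Entry]:
    """Extract file entries from an OTL report; lines of any other shape are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["company"], m["path"]))
    return entries


def suspicious_drivers(entries: list[Entry]) -> list[tuple[str, str]]:
    """Files directly in System32\\drivers with no vendor, a non-.sys extension, or
    zero length: the ones worth hashing and looking up before anything else."""
    flagged = []
    for e in entries:
        if not ntpath.dirname(e.path).lower().endswith("\\system32\\drivers"):
            continue
        reasons = []
        if not e.company:
            reasons.append("no vendor")
        if ntpath.splitext(e.path)[1].lower() != ".sys":
            reasons.append("not a .sys file")
        if e.size == 0:
            reasons.append("zero bytes")
        if reasons:
            flagged.append((e.path, ", ".join(reasons)))
    return flagged


def parse_fix_script(script: str) -> dict[str, list[str]]:
    """Split an OTL fix script into its ':section' blocks (section names lower-cased)."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def files_not_in_scan(fix: dict[str, list[str]], entries: list[Entry]) -> list[str]:
    """:files targets the scan excerpt never listed; each deserves a second look
    before RunFix (typo, already moved, or listed in a part of the report we lack)."""
    seen = {e.path.lower() for e in entries}
    return [p for p in fix.get("files", []) if p.lower() not in seen]


# NoDriveTypeAutoRun is a bitmask over GetDriveType() results; a set bit disables AutoRun.
NO_DRIVE_TYPE_AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "UNKNOWN_TYPE",
}


def autorun_disabled_types(value: int) -> set[str]:
    """Decode the mask: 145 (0x91), as set by the fix above, still leaves AutoRun on
    for removable and CD-ROM drives; 255 (0xFF) disables it for every drive type."""
    return {name for bit, name in NO_DRIVE_TYPE_AUTORUN_BITS.items() if value & bit}


# Sample input, constructed here from excerpts of this thread's own report and fix script.
SAMPLE_REPORT = r"""
[2009/12/27 14:29:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/12/27 18:36:01 | 00,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd3405.zip
[2009/12/28 09:57:48 | 00,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/28 09:57:23 | 93,767,6800 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/06 14:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fa6d8b4.sys
[1 C:\Documents and Settings\emma & mat\*.tmp files -> C:\Documents and Settings\emma & mat\*.tmp -> ]
"""

SAMPLE_FIX = r"""
:reg
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

:files
C:\WINDOWS\System32\drivers\sptd3405.zip
C:\WINDOWS\System32\drivers\etc\hosts.ics
C:\Documents and Settings\emma & mat\Application Data\AquaNox
"""

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_REPORT)
    for path, why in suspicious_drivers(entries):
        print(f"check: {path} ({why})")
    fix = parse_fix_script(SAMPLE_FIX)
    for path in files_not_in_scan(fix, entries):
        print(f"not seen in scan: {path}")
    print("AutoRun disabled for:", sorted(autorun_disabled_types(145)))
```

On the excerpt, fa6d8b4.sys is flagged as "no vendor, zero bytes" and sptd3405.zip as "no vendor, not a .sys file", while hosts.ics is left alone because it lives in drivers\etc rather than in the drivers folder itself. The AquaNox folder comes back from files_not_in_scan only because the excerpt does not include the earlier part of the report; the check is there to catch a mistyped path before it is handed to RunFix. The bit meanings for NoDriveTypeAutoRun follow Microsoft's documentation of that value; 145 is the XP default and 255 the usual hardened setting.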
Mat1981
 
Still the same problem with VirusTotal, message "0 bytes received"...
0
Utilisateur anonyme
 
OK, move on to OTL.
0
Mat1981
 
Here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named Planificateur LiveUpdate automatique was found to stop!
Unable to stop service Planificateur LiveUpdate automatique!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-436374069-813497703-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Unable to set value : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E!
Unable to set value : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E!
========== FILES ==========
C:\WINDOWS\System32\drivers\sptd3405.zip moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.ics moved successfully.
C:\Documents and Settings\emma & mat\Application Data\AquaNox folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: emma & mat
->Temp folder emptied: 35221358 bytes
->Temporary Internet Files folder emptied: 15587677 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 125548 bytes

Total Files Cleaned = 49,00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12282009_151526

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
0