Infection security tool
olive84
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
I have just been infected by the Security Tools virus, but as I am fairly new to computers I don't know what to do. Could someone help me?
Please, it's really urgent, I have no idea how to go about it. Thank you.
37 replies
* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"
* Make sure you have closed all running applications.
* When the OTL window appears, make sure that in the "Output" section (top right) the "minimal Output" box is checked.
* Copy and paste the contents of this quote into the lower part of OTL, "Custom scan/fixes"
:files
C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe
C:\Documents and Settings\Chantal\Menu Démarrer\Programmes\Démarrage\winesm32.exe
C:\Documents and Settings\Chantal\Bureau\Security Tool.lnk
C:\Documents and Settings\All Users\Application Data\53089429
:reg
MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\open\Command - "" = h3.bat
MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\explore\Command - "" = h3.bat
* Click the "Run Fix" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
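Why the two executables in the `:files` block stand out can be shown with a small triage script over OTL log lines. This is an added example, not part of the thread or of OTL: the rule it applies (no publisher string and a location under a user-writable profile directory) is an assumed heuristic, not the helper's stated reasoning, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Sample input: a few lines in OTL's log format, copied from this thread's log.
SAMPLE_LOG = r"""
PRC - [2010/02/26 14:27:00 | 001,040,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe
PRC - [2010/02/19 08:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/09/06 18:13:28 | 000,151,552 | ---- | M] () -- C:\Program Files\Power Manager\PM.exe
O4 - HKLM..\Run: [53089429] C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chantal\Menu Démarrer\Programmes\Démarrage\winesm32.exe ()
"""


class Entry(NamedTuple):
    source: str   # "process", "run-key" or "startup-folder"
    path: str     # executable that actually runs
    company: str  # publisher string OTL printed in parentheses ("" if none)


# Running process: PRC - [date | size | attrs | M] (company) -- path
_PRC = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# Registry autostart: O4 - <hive>..\Run: [value name] path (company)
_RUN = re.compile(
    r"^O4 - \S+\\Run: \[[^\]]*\] (?P<path>.+) \((?P<company>[^()]*)\)$")
# Startup folder item, optionally a shortcut "item = target": (company) is last
_STARTUP = re.compile(
    r"^O4 - Startup: (?P<item>.+?)(?: = (?P<target>.+))? \((?P<company>[^()]*)\)$")

# Assumed heuristic: profile trees any user-level process can write to
# (XP layout as in this log, plus the Vista-and-later equivalents).
_USER_WRITABLE = re.compile(
    r"^[a-z]:\\(documents and settings|users|programdata)\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one PRC or O4 line; return None for anything else."""
    line = line.strip()
    m = _PRC.match(line)
    if m:
        return Entry("process", m["path"], m["company"])
    m = _RUN.match(line)
    if m:
        return Entry("run-key", m["path"], m["company"])
    m = _STARTUP.match(line)
    if m:
        # For a shortcut, judge the target; otherwise the item itself runs.
        return Entry("startup-folder", m["target"] or m["item"], m["company"])
    return None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged executable to the log sections it appears in."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        unsigned = entry.company.strip() == ""
        if unsigned and _USER_WRITABLE.match(entry.path):
            sources = findings.setdefault(entry.path, [])
            if entry.source not in sources:
                sources.append(entry.source)
    return findings


if __name__ == "__main__":
    for path, sources in triage(SAMPLE_LOG).items():
        print(f"{path}  <- {', '.join(sources)}")
```

An executable that is flagged both as a running process and as a Run-key value is persistent as well as active; entries with no publisher under `Program Files`, such as `PM.exe`, are deliberately not flagged by this rule.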
So first of all, thank you: thanks to you I managed to contain the virus a little and I have regained control. As I could no longer access the Internet, there was an Internet bug; anyway, I ran Malwarebytes, which produced a report, and I followed the steps, etc. Now I am giving you the reports, OTL.Txt and then extras.TXT
OTL logfile created on: 26/02/2010 21:54:52 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Chantal\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 29,48 Gb Free Space | 26,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOM-A3B76CFC09D
Current User Name: Chantal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/02/26 21:49:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
PRC - [2010/02/26 14:27:00 | 001,040,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe
PRC - [2010/02/19 08:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/27 18:00:04 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/29 11:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/26 18:18:51 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/11/26 18:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/26 18:18:32 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 18:16:23 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/11/26 18:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/07/01 14:34:04 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/04 18:39:08 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/09/06 18:13:28 | 000,151,552 | ---- | M] () -- C:\Program Files\Power Manager\PM.exe
PRC - [2006/09/05 19:29:50 | 000,139,264 | ---- | M] () -- C:\Program Files\Hotkey Management\FuncKey.exe
PRC - [2006/08/31 17:26:04 | 000,995,328 | ---- | M] () -- C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
PRC - [2006/08/23 13:05:12 | 000,520,704 | ---- | M] () -- C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
PRC - [2006/08/16 09:42:00 | 000,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/07/21 15:56:00 | 016,261,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005/04/15 15:13:00 | 000,045,056 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010/02/26 21:49:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - [2009/12/27 13:20:08 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Service Google Update (gupdate)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 18:33:39 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/26 18:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 18:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 18:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 18:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/04 18:39:08 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/08/23 13:05:12 | 000,520,704 | ---- | M] () [Auto | Running] -- C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe -- (FspadSvc)
SRV - [2006/08/16 09:42:00 | 000,143,426 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2009/09/25 17:42:38 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/20 20:44:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/26 18:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 18:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 18:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 18:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 18:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 18:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 11:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/04 18:39:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/01 11:14:10 | 000,022,912 | ---- | M] (Asia Vital Components Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fspad.sys -- (fspad)
DRV - [2006/08/16 09:42:00 | 003,687,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/24 15:15:00 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/03 16:11:20 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/06/18 22:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/09 15:20:40 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/05/09 15:20:38 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/07 04:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/02/07 20:28:08 | 000,935,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/02/07 20:27:30 | 000,196,608 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/02/07 20:27:24 | 000,672,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid)
DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/10/04 23:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/09 17:56:14 | 000,006,144 | ---- | M] (http://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005/08/18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/05/16 14:26:49 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/05/16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/16 14:15:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/01/11 16:58:48 | 000,030,976 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2)
DRV - [2004/08/05 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 16:20:50 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\S-1-5-21-3763117635-1304649363-3300054834-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\S-1-5-21-3763117635-1304649363-3300054834-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 08:29:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 08:29:38 | 000,000,000 | ---D | M]
[2009/08/10 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Mozilla\Extensions
[2010/02/25 23:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Mozilla\Firefox\Profiles\b8jxn1iy.default\extensions
[2009/11/26 19:32:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Chantal\Application Data\Mozilla\Firefox\Profiles\b8jxn1iy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/10 11:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/30 23:44:21 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/07/30 23:44:21 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/07/30 23:44:21 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/07/30 23:44:21 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/07/30 23:44:21 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [53089429] C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe ()
O4 - HKLM..\Run: [FuncKey] C:\Program Files\Hotkey Management\FuncKey.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chantal\Menu Démarrer\Programmes\Démarrage\winesm32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chantal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chantal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 08:25:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{454b9882-da85-11de-99ea-003005d8231f}\Shell\AutoRun\command - "" = F:\.\Start.exe -- File not found
O33 - MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\AutoRun\command - "" = h3.bat
O33 - MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\explore\Command - "" = h3.bat
O33 - MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\open\Command - "" = h3.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/02/26 21:49:11 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
[2010/02/26 21:35:47 | 001,400,378 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag 1.25.12.exe
[2010/02/26 21:26:09 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chantal\Bureau\mbam-setup.exe
[2010/02/26 17:46:20 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/02/26 16:35:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/26 14:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\53089429
[2010/02/19 18:21:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chantal\Recent
[2010/01/06 15:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/27 22:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/27 13:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/22 04:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/12 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/09/16 08:27:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/16 08:27:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010/02/26 21:59:43 | 000,792,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\zhtci.sys
[2010/02/26 21:56:27 | 000,515,418 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/02/26 21:56:27 | 000,446,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 21:56:27 | 000,086,956 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/02/26 21:56:27 | 000,073,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/26 21:56:26 | 001,133,996 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 21:51:54 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Security Tool.lnk
[2010/02/26 21:51:40 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 21:51:39 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/26 21:51:33 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/26 21:51:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 21:51:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 21:51:01 | 2146,414,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 21:49:58 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Chantal\ntuser.dat
[2010/02/26 21:49:58 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Chantal\ntuser.ini
[2010/02/26 21:49:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
[2010/02/26 21:35:51 | 001,400,378 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag 1.25.12.exe
[2010/02/26 21:30:46 | 001,162,964 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag.zip
[2010/02/26 21:30:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 21:26:53 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chantal\Bureau\mbam-setup.exe
[2010/02/26 21:17:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 17:43:54 | 001,775,008 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\UsbFix.exe
[2010/02/26 17:35:51 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\killbagle.exe
[2010/02/26 17:28:20 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(3).exe
[2010/02/26 17:27:31 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(2).exe
[2010/02/26 17:26:44 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix.exe
[2010/02/26 13:56:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/26 13:20:00 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Chantal\Application Data\avdrn.dat
[2010/02/25 18:48:42 | 000,044,286 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_0121820.pdf
[2010/02/25 18:45:43 | 000,086,679 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9942454.pdf
[2010/02/25 18:33:08 | 000,044,400 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9185536.pdf
[2010/02/25 18:31:29 | 000,012,573 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9084020.pdf
[2010/02/24 15:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 14:03:41 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Chantal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 13:57:05 | 738,786,968 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\No.Speed.Limit.2009.FRENCH.DVDRip.XviD-ARTEFAC.avi
[2010/02/24 13:37:42 | 733,919,232 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Les.Trois.Royaumes.LIMITED.FRENCH.REPACK.1CD.DVDRip.XviD-GKS.avi
[2010/02/22 16:16:06 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Microsoft Excel.lnk
[2010/02/19 12:37:42 | 733,771,776 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Bride.Wars.TRUEFRENCH.DVDRiP.XViD-Bouboune.avi
[2010/02/19 12:13:54 | 734,672,896 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Le.Transporteur.3.TRUEFRENCH.DVDRiP.DivX-LERHO.avi
[2010/02/19 11:50:54 | 734,572,544 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur II.avi
[2010/02/19 00:09:59 | 719,001,600 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur I.avi
[2010/02/18 12:58:40 | 004,334,731 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\FThuVI_maAs.mp3
[2010/02/18 12:17:41 | 004,087,717 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Eminem - Beautiful.mp3
[2010/02/13 20:42:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/13 08:56:48 | 747,450,368 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Lords.of.the.street.2009.FRENCHEDIT.DVDRIP.XVID-BN.DIV.avi
[2010/02/12 00:06:42 | 730,652,672 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Ultimi.Della.Classe.2008.FRENCH.DVDRip.XViD-MJK.avi
[2010/02/11 23:37:55 | 724,978,476 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Lilo et sitch upby LeoLeandro.avi
[2010/02/09 12:01:11 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Microsoft Word.lnk
[2010/02/04 04:28:30 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/02/03 14:14:04 | 752,090,214 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Volt.Star.Malgre.Lui.TRUEFRENCH.BDRIP.XviD-HARIJO.avi
[2010/02/02 23:37:25 | 666,574,064 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Florence Foresti - Juste pour rire (2008).avi
[2010/01/31 12:09:57 | 729,812,992 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Florence.Foresti.L.Abribus.FRENCH.DVDRip.XviD-By FuFu.avi
[2010/01/31 11:22:03 | 722,782,208 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\The.Final.Destination.FRENCH.TS.MD.XviD-VODKA.avi
[2010/01/29 22:36:36 | 731,238,674 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Destination Finale 3.avi
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/02/26 21:30:42 | 001,162,964 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag.zip
[2010/02/26 17:43:53 | 001,775,008 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\UsbFix.exe
[2010/02/26 17:35:35 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\killbagle.exe
[2010/02/26 17:28:20 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(3).exe
[2010/02/26 17:27:30 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(2).exe
[2010/02/26 17:26:43 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix.exe
[2010/02/26 17:07:08 | 2146,414,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/26 14:27:06 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Security Tool.lnk
[2010/02/26 12:43:36 | 000,792,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\zhtci.sys
[2010/02/26 12:43:12 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
[2010/02/26 12:43:09 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Chantal\Application Data\avdrn.dat
[2010/02/25 18:48:42 | 000,044,286 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_0121820.pdf
[2010/02/25 18:45:42 | 000,086,679 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9942454.pdf
[2010/02/25 18:33:07 | 000,044,400 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9185536.pdf
[2010/02/25 18:31:28 | 000,012,573 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9084020.pdf
[2010/02/24 13:43:24 | 738,786,968 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\No.Speed.Limit.2009.FRENCH.DVDRip.XviD-ARTEFAC.avi
[2010/02/24 13:21:05 | 733,919,232 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Les.Trois.Royaumes.LIMITED.FRENCH.REPACK.1CD.DVDRip.XviD-GKS.avi
[2010/02/19 12:22:35 | 733,771,776 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Bride.Wars.TRUEFRENCH.DVDRiP.XViD-Bouboune.avi
[2010/02/19 11:54:11 | 734,672,896 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Le.Transporteur.3.TRUEFRENCH.DVDRiP.DivX-LERHO.avi
[2010/02/19 11:41:31 | 734,572,544 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur II.avi
[2010/02/18 22:58:30 | 719,001,600 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur I.avi
[2010/02/18 11:41:44 | 004,087,717 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Eminem - Beautiful.mp3
[2010/02/18 11:39:47 | 004,334,731 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\FThuVI_maAs.mp3
[2010/02/13 08:45:50 | 747,450,368 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Lords.of.the.street.2009.FRENCHEDIT.DVDRIP.XVID-BN.DIV.avi
[2010/02/11 23:55:09 | 730,652,672 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Ultimi.Della.Classe.2008.FRENCH.DVDRip.XViD-MJK.avi
[2010/02/11 23:16:02 | 724,978,476 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Lilo et sitch upby LeoLeandro.avi
[2010/02/04 04:28:30 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/02/03 14:01:26 | 752,090,214 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Volt.Star.Malgre.Lui.TRUEFRENCH.BDRIP.XviD-HARIJO.avi
[2010/02/02 22:38:54 | 666,574,064 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Florence Foresti - Juste pour rire (2008).avi
[2010/01/31 11:44:52 | 729,812,992 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Florence.Foresti.L.Abribus.FRENCH.DVDRip.XviD-By FuFu.avi
[2010/01/31 11:12:59 | 722,782,208 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\The.Final.Destination.FRENCH.TS.MD.XviD-VODKA.avi
[2010/01/29 21:47:43 | 731,238,674 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Destination Finale 3.avi
[2009/06/27 18:00:30 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/20 20:44:33 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/07 09:43:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/26 18:30:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/04/26 18:27:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
[2007/11/30 16:08:52 | 000,000,031 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2006/11/27 10:45:48 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Chantal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/17 20:48:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/04 18:33:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Chantal\Local Settings\Application Data\fusioncache.dat
[2006/09/16 09:48:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/16 09:35:21 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/16 09:31:12 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006/09/16 09:29:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/16 09:22:30 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/16 08:28:30 | 000,000,926 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/16 08:22:11 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/15 07:19:52 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/15 07:19:52 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/15 07:19:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/15 07:19:51 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/15 07:19:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/15 07:19:50 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/15 07:17:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2000/07/24 11:40:47 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/03/26 03:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[1999/09/20 21:43:10 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
[1997/06/14 11:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010/02/26 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\53089429
[2009/08/14 13:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/10/25 15:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/02/20 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/04/26 18:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/03/01 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/11/29 11:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/04/26 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/12/18 14:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/25 15:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Canneverbe_Limited
[2009/02/20 20:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DAEMON Tools
[2009/02/20 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DAEMON Tools Lite
[2009/02/20 20:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DAEMON Tools Pro
[2009/10/26 08:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DeepBurner
[2010/01/24 15:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\La Bataille pour la Terre du Milieu
[2009/06/27 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Leadertech
[2008/12/26 17:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\LG Electronics
[2008/04/14 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\LimeWire
[2006/11/07 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\MSNInstaller
[2009/02/20 19:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\TeamViewer
[2009/06/24 21:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\temp
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Now extras.txt
OTL Extras logfile created on: 26/02/2010 21:54:52 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Chantal\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 29,48 Gb Free Space | 26,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOM-A3B76CFC09D
Current User Name: Chantal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Chantal\Mes documents\LimeWire\LimeWire.exe" = C:\Documents and Settings\Chantal\Mes documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat" = C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm) -- ()
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0002040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{01020101-5D65-445A-B3B4-3DCE72BA0C6C}" = Encyclopédie Microsoft Encarta DE LUXE 2001
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = La Bataille pour la Terre du Milieu(tm)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter
"{581CE7EA-A30D-0000-1211-088635773309}" = IEEE 802.11g Wireless LAN - USB
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
OTL logfile created on: 26/02/2010 21:54:52 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Chantal\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 29,48 Gb Free Space | 26,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOM-A3B76CFC09D
Current User Name: Chantal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/02/26 21:49:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
PRC - [2010/02/26 14:27:00 | 001,040,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe
PRC - [2010/02/19 08:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/27 18:00:04 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/29 11:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/26 18:18:51 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/11/26 18:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/26 18:18:32 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 18:16:23 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/11/26 18:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/07/01 14:34:04 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/04 18:39:08 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/09/06 18:13:28 | 000,151,552 | ---- | M] () -- C:\Program Files\Power Manager\PM.exe
PRC - [2006/09/05 19:29:50 | 000,139,264 | ---- | M] () -- C:\Program Files\Hotkey Management\FuncKey.exe
PRC - [2006/08/31 17:26:04 | 000,995,328 | ---- | M] () -- C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
PRC - [2006/08/23 13:05:12 | 000,520,704 | ---- | M] () -- C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
PRC - [2006/08/16 09:42:00 | 000,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/07/21 15:56:00 | 016,261,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005/04/15 15:13:00 | 000,045,056 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (SafeList) ==========
MOD - [2010/02/26 21:49:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - [2009/12/27 13:20:08 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Service Google Update (gupdate)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 18:33:39 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/26 18:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 18:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 18:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 18:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/04 18:39:08 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/08/23 13:05:12 | 000,520,704 | ---- | M] () [Auto | Running] -- C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe -- (FspadSvc)
SRV - [2006/08/16 09:42:00 | 000,143,426 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - [2009/09/25 17:42:38 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/20 20:44:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/26 18:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 18:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 18:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 18:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 18:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 18:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 11:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/04 18:39:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/01 11:14:10 | 000,022,912 | ---- | M] (Asia Vital Components Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fspad.sys -- (fspad)
DRV - [2006/08/16 09:42:00 | 003,687,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/24 15:15:00 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/03 16:11:20 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/06/18 22:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/09 15:20:40 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/05/09 15:20:38 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/07 04:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/02/07 20:28:08 | 000,935,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/02/07 20:27:30 | 000,196,608 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/02/07 20:27:24 | 000,672,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid)
DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/10/04 23:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/09 17:56:14 | 000,006,144 | ---- | M] (http://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005/08/18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/05/16 14:26:49 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/05/16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/16 14:15:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/01/11 16:58:48 | 000,030,976 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2)
DRV - [2004/08/05 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 16:20:50 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\S-1-5-21-3763117635-1304649363-3300054834-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\S-1-5-21-3763117635-1304649363-3300054834-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 08:29:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 08:29:38 | 000,000,000 | ---D | M]
[2009/08/10 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Mozilla\Extensions
[2010/02/25 23:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Mozilla\Firefox\Profiles\b8jxn1iy.default\extensions
[2009/11/26 19:32:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Chantal\Application Data\Mozilla\Firefox\Profiles\b8jxn1iy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/10 11:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/30 23:44:21 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/07/30 23:44:21 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/07/30 23:44:21 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/07/30 23:44:21 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/07/30 23:44:21 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [53089429] C:\Documents and Settings\All Users\Application Data\53089429\53089429.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe ()
O4 - HKLM..\Run: [FuncKey] C:\Program Files\Hotkey Management\FuncKey.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chantal\Menu Démarrer\Programmes\Démarrage\winesm32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chantal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chantal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 08:25:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{454b9882-da85-11de-99ea-003005d8231f}\Shell\AutoRun\command - "" = F:\.\Start.exe -- File not found
O33 - MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\AutoRun\command - "" = h3.bat
O33 - MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\explore\Command - "" = h3.bat
O33 - MountPoints2\{b01ba108-4231-11de-9773-003005d8231f}\Shell\open\Command - "" = h3.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/26 21:49:11 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
[2010/02/26 21:35:47 | 001,400,378 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag 1.25.12.exe
[2010/02/26 21:26:09 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chantal\Bureau\mbam-setup.exe
[2010/02/26 17:46:20 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/02/26 16:35:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/26 14:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\53089429
[2010/02/19 18:21:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chantal\Recent
[2010/01/06 15:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/27 22:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/27 13:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/22 04:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/12 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/09/16 08:27:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/16 08:27:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/02/26 21:59:43 | 000,792,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\zhtci.sys
[2010/02/26 21:56:27 | 000,515,418 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/02/26 21:56:27 | 000,446,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 21:56:27 | 000,086,956 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/02/26 21:56:27 | 000,073,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/26 21:56:26 | 001,133,996 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 21:51:54 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Security Tool.lnk
[2010/02/26 21:51:40 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 21:51:39 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/26 21:51:33 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/26 21:51:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 21:51:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 21:51:01 | 2146,414,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 21:49:58 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Chantal\ntuser.dat
[2010/02/26 21:49:58 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Chantal\ntuser.ini
[2010/02/26 21:49:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chantal\Bureau\OTL.exe
[2010/02/26 21:35:51 | 001,400,378 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag 1.25.12.exe
[2010/02/26 21:30:46 | 001,162,964 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag.zip
[2010/02/26 21:30:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 21:26:53 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chantal\Bureau\mbam-setup.exe
[2010/02/26 21:17:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 17:43:54 | 001,775,008 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\UsbFix.exe
[2010/02/26 17:35:51 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\killbagle.exe
[2010/02/26 17:28:20 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(3).exe
[2010/02/26 17:27:31 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(2).exe
[2010/02/26 17:26:44 | 003,873,109 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix.exe
[2010/02/26 13:56:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/26 13:20:00 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Chantal\Application Data\avdrn.dat
[2010/02/25 18:48:42 | 000,044,286 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_0121820.pdf
[2010/02/25 18:45:43 | 000,086,679 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9942454.pdf
[2010/02/25 18:33:08 | 000,044,400 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9185536.pdf
[2010/02/25 18:31:29 | 000,012,573 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9084020.pdf
[2010/02/24 15:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 14:03:41 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Chantal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 13:57:05 | 738,786,968 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\No.Speed.Limit.2009.FRENCH.DVDRip.XviD-ARTEFAC.avi
[2010/02/24 13:37:42 | 733,919,232 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Les.Trois.Royaumes.LIMITED.FRENCH.REPACK.1CD.DVDRip.XviD-GKS.avi
[2010/02/22 16:16:06 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Microsoft Excel.lnk
[2010/02/19 12:37:42 | 733,771,776 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Bride.Wars.TRUEFRENCH.DVDRiP.XViD-Bouboune.avi
[2010/02/19 12:13:54 | 734,672,896 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Le.Transporteur.3.TRUEFRENCH.DVDRiP.DivX-LERHO.avi
[2010/02/19 11:50:54 | 734,572,544 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur II.avi
[2010/02/19 00:09:59 | 719,001,600 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur I.avi
[2010/02/18 12:58:40 | 004,334,731 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\FThuVI_maAs.mp3
[2010/02/18 12:17:41 | 004,087,717 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Eminem - Beautiful.mp3
[2010/02/13 20:42:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/13 08:56:48 | 747,450,368 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Lords.of.the.street.2009.FRENCHEDIT.DVDRIP.XVID-BN.DIV.avi
[2010/02/12 00:06:42 | 730,652,672 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Ultimi.Della.Classe.2008.FRENCH.DVDRip.XViD-MJK.avi
[2010/02/11 23:37:55 | 724,978,476 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Lilo et sitch upby LeoLeandro.avi
[2010/02/09 12:01:11 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Microsoft Word.lnk
[2010/02/04 04:28:30 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/02/03 14:14:04 | 752,090,214 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Volt.Star.Malgre.Lui.TRUEFRENCH.BDRIP.XviD-HARIJO.avi
[2010/02/02 23:37:25 | 666,574,064 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Florence Foresti - Juste pour rire (2008).avi
[2010/01/31 12:09:57 | 729,812,992 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Florence.Foresti.L.Abribus.FRENCH.DVDRip.XviD-By FuFu.avi
[2010/01/31 11:22:03 | 722,782,208 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\The.Final.Destination.FRENCH.TS.MD.XviD-VODKA.avi
[2010/01/29 22:36:36 | 731,238,674 | ---- | M] () -- C:\Documents and Settings\Chantal\Bureau\Destination Finale 3.avi
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/02/26 21:30:42 | 001,162,964 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ZHPDiag.zip
[2010/02/26 17:43:53 | 001,775,008 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\UsbFix.exe
[2010/02/26 17:35:35 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\killbagle.exe
[2010/02/26 17:28:20 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(3).exe
[2010/02/26 17:27:30 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix(2).exe
[2010/02/26 17:26:43 | 003,873,109 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\ComboFix.exe
[2010/02/26 17:07:08 | 2146,414,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/26 14:27:06 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Security Tool.lnk
[2010/02/26 12:43:36 | 000,792,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\zhtci.sys
[2010/02/26 12:43:12 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
[2010/02/26 12:43:09 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Chantal\Application Data\avdrn.dat
[2010/02/25 18:48:42 | 000,044,286 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_0121820.pdf
[2010/02/25 18:45:42 | 000,086,679 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9942454.pdf
[2010/02/25 18:33:07 | 000,044,400 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9185536.pdf
[2010/02/25 18:31:28 | 000,012,573 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\candidature424609_9084020.pdf
[2010/02/24 13:43:24 | 738,786,968 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\No.Speed.Limit.2009.FRENCH.DVDRip.XviD-ARTEFAC.avi
[2010/02/24 13:21:05 | 733,919,232 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Les.Trois.Royaumes.LIMITED.FRENCH.REPACK.1CD.DVDRip.XviD-GKS.avi
[2010/02/19 12:22:35 | 733,771,776 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Bride.Wars.TRUEFRENCH.DVDRiP.XViD-Bouboune.avi
[2010/02/19 11:54:11 | 734,672,896 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Le.Transporteur.3.TRUEFRENCH.DVDRiP.DivX-LERHO.avi
[2010/02/19 11:41:31 | 734,572,544 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur II.avi
[2010/02/18 22:58:30 | 719,001,600 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Le Transporteur I.avi
[2010/02/18 11:41:44 | 004,087,717 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Eminem - Beautiful.mp3
[2010/02/18 11:39:47 | 004,334,731 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\FThuVI_maAs.mp3
[2010/02/13 08:45:50 | 747,450,368 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Lords.of.the.street.2009.FRENCHEDIT.DVDRIP.XVID-BN.DIV.avi
[2010/02/11 23:55:09 | 730,652,672 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Ultimi.Della.Classe.2008.FRENCH.DVDRip.XViD-MJK.avi
[2010/02/11 23:16:02 | 724,978,476 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Lilo et sitch upby LeoLeandro.avi
[2010/02/04 04:28:30 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/02/03 14:01:26 | 752,090,214 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Volt.Star.Malgre.Lui.TRUEFRENCH.BDRIP.XviD-HARIJO.avi
[2010/02/02 22:38:54 | 666,574,064 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Florence Foresti - Juste pour rire (2008).avi
[2010/01/31 11:44:52 | 729,812,992 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Florence.Foresti.L.Abribus.FRENCH.DVDRip.XviD-By FuFu.avi
[2010/01/31 11:12:59 | 722,782,208 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\The.Final.Destination.FRENCH.TS.MD.XviD-VODKA.avi
[2010/01/29 21:47:43 | 731,238,674 | ---- | C] () -- C:\Documents and Settings\Chantal\Bureau\Destination Finale 3.avi
[2009/06/27 18:00:30 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/20 20:44:33 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/07 09:43:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/26 18:30:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/04/26 18:27:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
[2007/11/30 16:08:52 | 000,000,031 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2006/11/27 10:45:48 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Chantal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/17 20:48:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/04 18:33:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Chantal\Local Settings\Application Data\fusioncache.dat
[2006/09/16 09:48:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/16 09:35:21 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/16 09:31:12 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006/09/16 09:29:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/16 09:22:30 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/16 08:28:30 | 000,000,926 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/16 08:22:11 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/15 07:19:52 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/15 07:19:52 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/15 07:19:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/15 07:19:51 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/15 07:19:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/15 07:19:50 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/15 07:17:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2000/07/24 11:40:47 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/03/26 03:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[1999/09/20 21:43:10 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
[1997/06/14 11:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010/02/26 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\53089429
[2009/08/14 13:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/10/25 15:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/02/20 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/04/26 18:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/03/01 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/11/29 11:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/04/26 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/12/18 14:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/25 15:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Canneverbe_Limited
[2009/02/20 20:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DAEMON Tools
[2009/02/20 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DAEMON Tools Lite
[2009/02/20 20:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DAEMON Tools Pro
[2009/10/26 08:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\DeepBurner
[2010/01/24 15:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\La Bataille pour la Terre du Milieu
[2009/06/27 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\Leadertech
[2008/12/26 17:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\LG Electronics
[2008/04/14 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\LimeWire
[2006/11/07 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\MSNInstaller
[2009/02/20 19:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\TeamViewer
[2009/06/24 21:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chantal\Application Data\temp
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Now extras.txt
OTL Extras logfile created on: 26/02/2010 21:54:52 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Chantal\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 29,48 Gb Free Space | 26,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOM-A3B76CFC09D
Current User Name: Chantal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3763117635-1304649363-3300054834-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Chantal\Mes documents\LimeWire\LimeWire.exe" = C:\Documents and Settings\Chantal\Mes documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat" = C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm) -- ()
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0002040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{01020101-5D65-445A-B3B4-3DCE72BA0C6C}" = Encyclopédie Microsoft Encarta DE LUXE 2001
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = La Bataille pour la Terre du Milieu(tm)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter
"{581CE7EA-A30D-0000-1211-088635773309}" = IEEE 802.11g Wireless LAN - USB
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
What is the Malwarebytes report called?? I can't find it anymore, actually I don't know where it is, thanks
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
27/02/2010 06:36:16
mbam-log-2010-02-27 (06-36-16).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 212829
Temps écoulé: 1 hour(s), 9 minute(s), 13 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\zhtci.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Chantal\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chantal\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus, and your antispyware's guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hello, since yesterday I have exactly the same problem as Olive84, I'm in the s..... I don't understand any of it, I would need help, thanks
Here is the report
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3800
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
27/02/2010 17:14:02
mbam-log-2010-02-27 (17-14-02).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 221335
Temps écoulé: 1 hour(s), 20 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\Temp\~TM6A1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\zhtci.sys (HackTool.Agent) -> Delete on reboot.
C:\_OTL\MovedFiles\02262010_222047\C_Documents and Settings\All Users\Application Data\53089429\53089429.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
OK, but how do I simply disable my firewalls etc.? I have Avast but I don't know much more than that, please tell me, thanks =)