Virus et problèmes suite à un téléchargement

Gautier6 -  
verni29 Messages postés 6805 Statut Contributeur sécurité -
Bonjour tout le monde,

Suite à un téléchargement douteux, il semble que mon ordinateur soit infecté par des virus. Il a l'air plus lent et souvent, quand j'essaye d'ouvrir une page internet, je tombe souvent au début sur une page bizarre...

C'est dans ce style là: [URL=http://www.hostingpics.net/viewer.php?id=635738virus.jpg][IMG]http://img7.hostingpics.net/thumbs/mini_635738virus.jpg[/IMG][/URL]


Il y a aussi une autre manifestation claire de virus, c'est une fausse analyse qui s'ouvre dans mon navigateur.

Voilà, j'espère que vous pourrez m'aider ;-)


A voir également:

48 réponses

Précédent
Réponse 21 / 48
Gautier6
 
OTL logfile created on: 02/06/2010 22:01:29 - Run 3
OTL by OldTimer - Version 3.2.5.2 Folder = c:\users\Gautier\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,44 Gb Total Space | 65,70 Gb Free Space | 47,80% Space Free | Partition Type: NTFS
Drive D: | 11,61 Gb Total Space | 1,67 Gb Free Space | 14,40% Space Free | Partition Type: NTFS
Drive E: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-GAUTIER
Current User Name: Gautier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2010/06/01 20:56:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- c:\users\Gautier\Downloads\OTL.scr
PRC - [2010/04/03 10:16:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/06 18:11:02 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


[color=#E56717]========== Modules (SafeList) ==========/color

MOD - [2010/06/01 20:56:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- c:\users\Gautier\Downloads\OTL.scr
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - [2010/03/09 22:40:59 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/11 16:43:30 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/10/06 18:11:02 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/20 10:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/11 16:45:18 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/08/25 15:54:25 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/11 13:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/25 18:48:30 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/10 16:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 13:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 13:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 13:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
0
Réponse 22 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
gautier6,

le rapport est incomplet.
Poste le avec le site http://www.cijoint.fr

Comment se comporte le PC ?

A+
0
Réponse 23 / 48
Gautier6
 
Ah ok. Bah le pc se comporte normalement, plus de problèmes particuliers à part que j'ai plus d'antivirus. Sinon, j'arrive pas à retrouver le rapport pour le poster? Il est pas dans C/OTL
0
Réponse 24 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re,

Je pense aussi qu'il ne doit plus rester grand chose.

Pour OTL, tu le relances et tu obtiendras le rapport.

On installera ensuite un antivirus ( antivir ou avast5 , à toi de choisir )., ce qui permettra de faire une dernière vérification.

A+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 48
Gautier6
 
Salut !
Ouais mais si je le relance, je pourrais pas mettre le rapport sur le site parce que je sais pas où il s'enregistre...

A+
0
Réponse 26 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
gautier6,

Le rapport est sauvegardé sur ton bureau.

A+
0
Réponse 27 / 48
Gautier6
 
Ah ok, je réessaie ;-)
0
Réponse 28 / 48
Gautier6
 
Je peux te poster le rapport en 2 parties? Parce que là j'ai dû faire une bourde et le rapport ne s'affiche pas sur le bureau...
0
Réponse 29 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
OK,

pas de problème.

A+
0
Réponse 30 / 48
Gautier6
 
OTL logfile created on: 05/06/2010 15:05:46 - Run 6
OTL by OldTimer - Version 3.2.5.2 Folder = c:\users\Gautier\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,44 Gb Total Space | 65,52 Gb Free Space | 47,67% Space Free | Partition Type: NTFS
Drive D: | 11,61 Gb Total Space | 1,59 Gb Free Space | 13,69% Space Free | Partition Type: NTFS
Drive E: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-GAUTIER
Current User Name: Gautier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/06/01 20:56:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- c:\users\Gautier\Downloads\OTL.scr
PRC - [2010/04/03 10:16:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/06 18:11:02 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/09/10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/06/01 20:56:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- c:\users\Gautier\Downloads\OTL.scr
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - [2010/05/11 11:34:36 | 000,271,728 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/03/09 22:40:59 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/06 18:11:02 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/20 10:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/05/01 14:05:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/25 15:54:25 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/11 13:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/25 18:48:30 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/10 16:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 13:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 13:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 13:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.apeha.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 84 BE 00 7A DB 2A 4B 8F D9 21 C2 E1 2E 45 37 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.apeha.ru/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 10:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 10:16:45 | 000,000,000 | ---D | M]
0
Réponse 31 / 48
Gautier6
 
[2009/08/20 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\mozilla\Extensions
[2009/08/20 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/06/04 23:58:27 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\mozilla\Firefox\Profiles\41sgpmgd.default\extensions
[2010/04/28 06:25:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gautier\AppData\Roaming\mozilla\Firefox\Profiles\41sgpmgd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/16 22:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gautier\AppData\Roaming\mozilla\Firefox\Profiles\41sgpmgd.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/04/28 06:25:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Gautier\AppData\Roaming\mozilla\Firefox\Profiles\41sgpmgd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/20 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\mozilla\Firefox\Profiles\41sgpmgd.default\extensions\fbdislike@doweb.fr
[2009/11/08 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\mozilla\Firefox\Profiles\41sgpmgd.default\extensions\firefox@tvunetworks.com
[2010/06/01 23:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/20 01:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/03/27 03:07:41 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/27 03:07:41 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/27 03:07:41 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/03/27 03:07:41 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/27 03:07:41 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/06/01 23:42:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Gautier\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gautier\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/21 07:33:16 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ CDFS ]
O32 - AutoRun File - [2009/09/17 10:12:00 | 000,566,272 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/09/17 10:12:00 | 000,004,286 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/09/17 10:12:00 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========/color

[2010/06/02 18:45:40 | 000,000,000 | ---D | C] -- C:\Users\Gautier\AppData\Roaming\Malwarebytes
[2010/06/02 18:45:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/02 18:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/02 18:45:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/02 18:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 08:35:38 | 001,093,632 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010/06/02 08:35:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2010/06/02 08:35:12 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2010/06/02 08:35:12 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2010/06/02 08:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/06/02 08:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/06/01 23:45:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/01 23:45:04 | 000,000,000 | ---D | C] -- C:\Users\Gautier\AppData\Local\temp
[2010/06/01 23:44:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/01 23:30:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/01 23:30:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/01 23:30:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/01 23:29:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/01 23:28:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/01 23:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/01 22:46:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/01 17:52:04 | 000,000,000 | ---D | C] -- C:\Users\Gautier\Desktop\EMPIRE EARTH II
[2010/06/01 17:47:39 | 000,000,000 | ---D | C] -- C:\Users\Gautier\AppData\Roaming\Sierra
[2010/06/01 17:47:39 | 000,000,000 | ---D | C] -- C:\Users\Gautier\Documents\Empire Earth II
[2010/05/31 18:37:22 | 000,000,000 | ---D | C] -- C:\Users\Gautier\AppData\Local\Ares
[2010/05/31 16:19:14 | 000,000,000 | ---D | C] -- C:\Users\Gautier\AppData\Local\LogMeIn Hamachi
[2010/05/29 16:22:21 | 000,000,000 | ---D | C] -- C:\Users\Gautier\Desktop\Age of Empire Earth
[2010/04/14 15:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Football Manager 2010
[2010/04/01 14:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/29 20:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\adslTV
[2010/03/15 21:52:24 | 000,000,000 | ---D | C] -- C:\Users\Gautier\Documents\My Videos
[2010/03/15 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Gautier\AppData\Roaming\Apowersoft
[2010/03/12 14:49:08 | 000,000,000 | ---D | C] -- C:\Users\Gautier\Desktop\Pyrénées - été 2007
[2010/03/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Gautier\Desktop\Hte-Tarentaise
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========/color

[2010/06/05 15:06:49 | 005,767,168 | -HS- | M] () -- C:\Users\Gautier\NTUSER.DAT
[2010/06/05 14:58:29 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/06/05 14:58:03 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/05 14:57:49 | 000,524,288 | -HS- | M] () -- C:\Users\Gautier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 14:57:49 | 000,065,536 | -HS- | M] () -- C:\Users\Gautier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/05 14:57:47 | 006,291,456 | -H-- | M] () -- C:\Users\Gautier\AppData\Local\IconCache.db
[2010/06/05 14:52:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/05 14:18:10 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/05 13:11:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/05 13:11:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/05 13:11:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/05 10:05:05 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{65B0E9EB-B80B-4C60-B6A6-A235BA7054DF}.job
[2010/06/05 10:02:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/05 10:02:17 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 18:34:35 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/04 18:34:35 | 000,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/06/04 18:34:35 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/04 18:34:35 | 000,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/06/04 18:34:35 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/02 18:45:35 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 23:42:29 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/01 23:42:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/01 23:22:54 | 003,701,981 | R--- | M] () -- C:\Users\Gautier\Desktop\ComboFix.exe
[2010/06/01 20:56:14 | 000,000,039 | ---- | M] () -- C:\Users\Gautier\AppData\Roaming\24737dac
[2010/06/01 18:14:32 | 000,000,802 | ---- | M] () -- C:\Users\Gautier\Desktop\EE2 - Raccourci.lnk
[2010/05/31 21:14:24 | 000,004,836 | ---- | M] () -- C:\Users\Gautier\Documents\cc_20100531_211417.reg
[2010/05/29 16:33:12 | 000,000,860 | ---- | M] () -- C:\Users\Gautier\Desktop\Empire Earth - Raccourci.lnk
[2010/05/29 15:36:34 | 000,023,552 | ---- | M] () -- C:\Users\Gautier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 17:57:00 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/12 06:49:40 | 000,017,836 | ---- | M] () -- C:\Users\Gautier\Documents\Sujet d'invention 2.odt
[2010/05/11 22:29:48 | 000,010,501 | ---- | M] () -- C:\Users\Gautier\Documents\commentaire 2.odt
[2010/05/05 20:21:10 | 000,000,600 | ---- | M] () -- C:\Users\Gautier\PUTTY.RND
[2010/05/02 19:14:45 | 000,010,643 | ---- | M] () -- C:\Users\Gautier\Documents\lettre motivation.odt
[2010/04/29 21:42:56 | 000,331,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 08:14:16 | 000,019,483 | ---- | M] () -- C:\Users\Gautier\Documents\Sujet d'invention.odt
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/26 07:19:48 | 000,017,589 | ---- | M] () -- C:\Users\Gautier\Documents\dissertation SES.odt
[2010/04/14 15:10:15 | 000,000,861 | ---- | M] () -- C:\Users\Gautier\Desktop\Football Manager 2010.lnk
[2010/04/04 21:31:58 | 000,003,776 | ---- | M] () -- C:\Users\Gautier\Documents\cc_20100404_213055.reg
[2010/03/29 20:15:12 | 000,000,025 | ---- | M] () -- C:\Users\Gautier\Documents\tlm.asx
[2010/03/16 08:20:27 | 000,016,730 | ---- | M] () -- C:\Users\Gautier\Documents\déroulement oral.odt
[2010/03/16 00:35:36 | 000,010,032 | ---- | M] () -- C:\Users\Gautier\Documents\cc_20100315_233529.reg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========/color

[2010/06/02 18:45:35 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 08:35:38 | 000,136,769 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010/06/02 08:35:38 | 000,043,486 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010/06/01 23:55:02 | 2137,014,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 23:30:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/01 23:30:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/01 23:30:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/01 23:30:20 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/01 23:30:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/01 23:22:38 | 003,701,981 | R--- | C] () -- C:\Users\Gautier\Desktop\ComboFix.exe
[2010/06/01 18:14:32 | 000,000,802 | ---- | C] () -- C:\Users\Gautier\Desktop\EE2 - Raccourci.lnk
[2010/05/31 21:14:19 | 000,004,836 | ---- | C] () -- C:\Users\Gautier\Documents\cc_20100531_211417.reg
[2010/05/31 17:57:38 | 000,000,039 | ---- | C] () -- C:\Users\Gautier\AppData\Roaming\24737dac
[2010/05/29 16:33:12 | 000,000,860 | ---- | C] () -- C:\Users\Gautier\Desktop\Empire Earth - Raccourci.lnk
[2010/05/20 17:14:39 | 000,832,525 | ---- | C] () -- C:\Users\Gautier\Desktop\teknomap_widget.exe
[2010/05/17 17:57:00 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/11 23:25:27 | 000,017,836 | ---- | C] () -- C:\Users\Gautier\Documents\Sujet d'invention 2.odt
[2010/05/11 22:05:04 | 000,010,501 | ---- | C] () -- C:\Users\Gautier\Documents\commentaire 2.odt
[2010/05/02 18:42:40 | 000,010,643 | ---- | C] () -- C:\Users\Gautier\Documents\lettre motivation.odt
[2010/04/24 18:45:22 | 000,017,589 | ---- | C] () -- C:\Users\Gautier\Documents\dissertation SES.odt
[2010/04/14 15:10:15 | 000,000,861 | ---- | C] () -- C:\Users\Gautier\Desktop\Football Manager 2010.lnk
[2010/04/04 21:31:55 | 000,003,776 | ---- | C] () -- C:\Users\Gautier\Documents\cc_20100404_213055.reg
[2010/03/29 20:13:41 | 000,000,025 | ---- | C] () -- C:\Users\Gautier\Documents\tlm.asx
[2010/03/16 00:35:31 | 000,010,032 | ---- | C] () -- C:\Users\Gautier\Documents\cc_20100315_233529.reg
[2010/03/15 21:12:58 | 000,016,730 | ---- | C] () -- C:\Users\Gautier\Documents\déroulement oral.odt
[2009/08/26 00:41:55 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/26 00:41:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/08/26 00:41:50 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/26 00:41:50 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/26 00:41:49 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/08/26 00:41:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/08/26 00:41:45 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/22 00:33:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/04/09 02:25:17 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2007/08/20 14:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 14:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/10/08 02:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS

[color=#E56717]========== LOP Check ==========/color

[2010/03/15 21:49:34 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\Apowersoft
[2009/12/31 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\DNA
[2010/02/08 01:23:08 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\FreeFLVConverter
[2009/09/05 23:42:43 | 000,000,000 | -H-D | M] -- C:\Users\Gautier\AppData\Roaming\ijjigame
[2009/11/29 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\KoffeeWare
[2010/06/04 00:14:57 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\LimeWire
[2009/08/03 19:59:20 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\OpenOffice.org
[2010/06/01 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\Sierra
[2010/04/14 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\Sports Interactive
[2009/08/30 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\StreamTorrent
[2010/01/31 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\Gautier\AppData\Roaming\Zylom
[2010/06/05 01:01:12 | 000,032,476 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/06/05 10:05:05 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{65B0E9EB-B80B-4C60-B6A6-A235BA7054DF}.job

[color=#E56717]========== Purity Check ==========/color


< End of report >
0
Réponse 32 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
gautier6,

Je vois que tu as toujours ces pages de démarrage vers le site russe et il y a également des ports d'ouverts pour utiliser un proxy.

Tu peux vérifier si tu as accès aux options internet dans le panneau de configuration ?

------------------------------------------------------------

1/ Relance OTL.exe.

* Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant : 

:OTL 

PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.apeha.ru/  
FF - prefs.js..browser.startup.homepage: "https://www.apeha.ru/"  
FF - prefs.js..network.proxy.http_port: 9666  
FF - prefs.js..network.proxy.socks_port: 9050  
FF - prefs.js..network.proxy.ssl_port: 9666  

:reg 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"OTL"=- 

:Commands 
[start explorer]


* Puis clique sur le bouton Correction en haut de la fenêtre.
* Laisse le programme travailler. ( Pas de redémarrage du PC )

Tu verras un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi).
sauvegarde-le sur ton Bureau et poste-le après redémarrage.

Note : Si tu ne le trouves pas, c'est un fichier log dans C:\_OTL\MovedFiles
Regarde suivant la date : mmjjaaaa_xxxxxxxx.log

2/ Vide les quarantaines :

Pour ComboFix :
démarrer --> dans la zone de recherche, tape : 

ComboFix /uninstall
Puis valide par Entrée

pour malwarebytes :
Ouvre-le --> onglet quarantaine et supprime tout.

3/ Télécharge USBFix ( par El Desaparecido ) sur ton bureau.

* Double clic sur UsbFix.exe présent sur ton bureau .
* clique sur Recherche .
* Un message t'avertira de brancher les supports amovibles.
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir
FAIS-LE.
* Laisse travailler l'outil.
* Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

A+
Allez jusqu'au bout de la procédure de désinfection.A
0
Réponse 33 / 48
Gautier6
 
Salut !
En effet, j'ai toujours cette page russe en démarrage...
Oui j'ai accès aux options internet dans le panneau de configuration et j'ai pu y voir que ma page de démarrage était tout le temps apena.ru...
Pour le reste, je m'en occupe ;-)
0
Réponse 34 / 48
Gautier6
 
Voilà j'ai tout fait sauf le truc avec combofix que j'ai pas compris.

Rapport OTL :

========== OTL ==========
Process explorer.exe killed successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www.apeha.ru" removed from browser.startup.homepage
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: 9666 removed from network.proxy.ssl_port
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\OTL not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.5.2 log created on 06072010_170811




Pour le rapport USBfix, quand il a fini l'analyse, il essaie de me l'ouvrir avec VLC...
0
Réponse 35 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re, 

Pour le rapport USBfix, quand il a fini l'analyse, il essaie de me l'ouvrir avec VLC...

Surprenant !!
Et cela te fait cela avec tous les fichiers .txt ?
N'as-tu pas fait une erreur en installant VLC ( association de fichiers ) ?

Essaie ceci :

Click droit sur le fichier USBFix.txt et choisis ouvir avec puis dans la fenêtre ouverte, choisis le bloc-notes.
Si il n'est pas dans la liste, clique sur parcourir et navigue jusqu'à C:\Windows\notepad.exe

A+
Allez jusqu'au bout de la procédure de désinfection.
0
Réponse 36 / 48
Gautier6
 
Une erreur n'est pas à exclure et ouais ça me fait ça avec tous les fichiers .txt.
0
Réponse 37 / 48
Gautier6
 
Tu parles de quel fichier USBFix.txt?
0
Réponse 38 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re,

de USBFix.txt pour la manip.
fais la manip pour essayer d'ouvrir USBFix.txt avec le bloc-notes;

Essaie ensuite avec d'autres fichiers .txt.

Si cela ne fonctionne pas, télécharge le fichier suivant sur ton bureau :
http://www.libellules.ch/assoc/vista_txt.reg

Puis fais un click droit sur ce fichier et choisis fusionner.

Vérifie ensuite que les fichiers .txt sont bien ouvert avec le bloc-notes.

A+
0
Réponse 39 / 48
G
 
Salut !

C'est bon finalement ça marche !


############################## | Usbfix 7.005 | [Recherche]

Utilisateur: Gautier (Administrateur) # PC-DE-GAUTIER [Hewlett-Packard Compaq Presario C700 Notebook PC]
Mis à jour le 07/06/10 par El Desaparecido / C_XX
Lancé à 12:49:04 | 12/06/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18928

Pare-feu Windows: Activé

RAM -> 2037 Mo
C:\ (%systemdrive%) -> Disque fixe # 137 Go (66 Go libre(s) - 48%) [] # NTFS
D:\ -> Disque fixe # 12 Go (1 Go libre(s) - 13%) [PRESARIO_RP] # NTFS
E:\ -> CD-ROM

################## | Éléments infectieux |

Présent! C:\Users\Gautier\AppData\Local\Temp\ytb.exe
Présent! E:\Autorun.inf
Présent! C:\$Recycle.Bin\S-1-5-21-2139877537-3687728945-1112707195-1000
Présent! D:\$Recycle.Bin\S-1-5-21-2139877537-3687728945-1112707195-1000
Présent! D:\$Recycle.Bin\S-1-5-21-2139877537-3687728945-1112707195-500

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
0
Réponse 40 / 48
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
gautier6,

1/ Passe USBFix avec l'option Nettoyer.
Poste le rapport.
N'oublie pas de brancher les supports amovibles.

2/ Pour ton antivirus, comment cela se fait-il que tu n'en ais plus ?
Tu avais antivir qui est un bon antivirus gratuit.

C'est généralement cet antivirus qui est préconisé.
Ou la nouvelle version d'Avast.

Installe un de ces deux produits et lance une analyse complète.

A+
0