Sujet Précédent Sujet Suivant

Antimalware doctor a infecte mon pc

Résolu/Fermé
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014 - 1 sept. 2010 à 22:38
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014 - 17 sept. 2010 à 22:10
Bonjour, je voudrais supprimer ce programme et me proteger contre de future infection

Merci



A voir également:

36 réponses

Précédent
  • 1
  • 2
Réponse 21 / 36
silverfx
12 sept. 2010 à 19:33
OTL logfile created on: 9/12/2010 3:22:39 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 65.84 Gb Free Space | 70.68% Space Free | Partition Type: NTFS
Drive D: | 7.34 Gb Total Space | 5.36 Gb Free Space | 73.05% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/07/26 01:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/23 11:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 11:30:54 | 000,222,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/23 11:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/18 08:26:00 | 000,230,912 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/03/31 16:46:58 | 000,350,976 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/31 16:46:10 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/31 10:21:00 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2003/04/09 12:44:00 | 000,227,200 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpp106.sys -- (SNPP106) PC Camera (6029 CIF)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\best_buy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKU\best_buy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\best_buy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




[2009/04/19 09:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\extensions
[2009/04/19 09:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/09/06 15:45:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\best_buy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [download] C:\Documents and Settings\best buy\Application Data\download2\svcnost.exe (download corp.)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Default Company)
O4 - HKLM..\Run: [RegistryWm] C:\WINDOWS\system32\qtwm.exe ()
O4 - HKU\best_buy_ON_C..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\Mobilink\Lite.exe (Novatel Wireless)
O4 - HKU\best_buy_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\best_buy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [*uiauditwin.exe] C:\Program Files\uiauditwin.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\best_buy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\best_buy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\best_buy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\best_buy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 17:50:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {15AA3580-03FA-4A96-A369-B8971EC8B3FB} - rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Bitrix Security\omusgg24.dll", DllUnrer
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2010/09/12 12:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Desktop\BurnCDCC
[2010/09/09 23:40:33 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/09 20:51:33 | 000,666,112 | ---- | C] (Mouskit AG) -- C:\Documents and Settings\best buy\Application Data\antispy.exe
[2010/09/09 20:49:26 | 001,472,000 | ---- | C] (Default Company) -- C:\WINDOWS\System32\qtplugin.exe
[2010/09/09 20:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\download2
[2010/09/08 19:29:27 | 127,313,619 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\best buy\Desktop\OTLPENet.exe
[2010/09/07 15:03:43 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.backup
[2010/09/07 15:03:41 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.backup
[2010/09/07 15:02:17 | 000,000,000 | ---D | C] -- C:\FR-files
[2010/09/06 21:13:31 | 000,000,000 | ---D | C] -- C:\WinFileReplace
[2010/09/06 16:23:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/09/06 15:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/06 15:25:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/06 15:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/06 15:25:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/06 15:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/06 15:25:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/06 15:24:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/03 09:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/09/03 09:43:05 | 001,944,357 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\best buy\Desktop\ZHPDiag.exe
[2010/09/02 03:36:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/09/01 19:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\My Documents\musicouisti
[2010/09/01 18:21:45 | 000,000,000 | ---D | C] -- C:\Kill'em
[2010/09/01 18:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
[2010/09/01 18:21:12 | 003,206,909 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\best buy\Desktop\List_Killem_Install.exe
[2010/09/01 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Malwarebytes
[2010/09/01 16:48:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 16:48:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 16:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/01 16:47:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\best buy\Desktop\mbam-setup-1.46.exe
[2010/08/28 22:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Bitrix Security
[2010/08/28 22:08:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\SendTo
[2010/08/28 22:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/28 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Pictures
[2010/08/28 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
[2010/08/28 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/08/28 22:06:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NetworkService\Recent
[2010/08/28 22:06:30 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2010/08/28 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2010/08/28 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2010/08/28 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
[2010/08/28 22:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bitrix Security
[2010/08/26 21:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/08/24 02:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/24 02:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/20 06:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/18 01:43:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/08/16 16:15:26 | 000,094,208 | ---- | C] (MaresWEB) -- C:\WINDOWS\mprchst.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2010/09/12 13:57:54 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/12 13:57:54 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/12 13:57:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 13:57:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 13:57:49 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\best buy\NTUSER.DAT
[2010/09/12 13:57:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\best buy\ntuser.ini
[2010/09/12 13:56:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 13:55:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/12 12:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 12:07:06 | 000,068,815 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\BurnCDCC.zip
[2010/09/12 12:00:24 | 454,287,360 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\OTLPE_New_Net.iso
[2010/09/11 15:16:23 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for best buy.job
[2010/09/10 14:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/10 11:36:45 | 000,260,226 | ---- | M] () -- C:\WINDOWS\System32\qtwm.exe
[2010/09/09 20:51:34 | 000,666,112 | ---- | M] (Mouskit AG) -- C:\Documents and Settings\best buy\Application Data\antispy.exe
[2010/09/09 20:49:24 | 001,472,000 | ---- | M] (Default Company) -- C:\WINDOWS\System32\qtplugin.exe
[2010/09/08 19:29:35 | 127,313,619 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\best buy\Desktop\OTLPENet.exe
[2010/09/06 21:13:30 | 000,890,272 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\WinFileReplace.exe
[2010/09/06 15:45:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/06 15:45:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/06 15:22:14 | 003,839,056 | R--- | M] () -- C:\Documents and Settings\best buy\Desktop\ComboFix.exe
[2010/09/04 09:22:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\rkill.scr
[2010/09/04 08:52:58 | 000,001,098 | ---- | M] () -- C:\WINDOWS\Kcuvafari.dat
[2010/09/04 08:52:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Oconitu.bin
[2010/09/03 12:21:54 | 000,021,356 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\attachment.htm
[2010/09/03 09:45:03 | 000,077,652 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\log1
[2010/09/03 09:43:12 | 001,944,357 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\best buy\Desktop\ZHPDiag.exe
[2010/09/02 18:08:36 | 004,840,422 | -H-- | M] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\IconCache.db
[2010/09/02 18:08:14 | 000,154,112 | ---- | M] () -- C:\Program Files\uiauditwin.exe
[2010/09/02 15:27:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\best buy\Desktop\mbam-setup-1.46.exe
[2010/09/01 18:21:45 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\List_Kill'em.lnk
[2010/09/01 18:21:18 | 003,206,909 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\best buy\Desktop\List_Killem_Install.exe
[2010/08/28 22:08:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/28 22:08:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/28 22:06:31 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 15:50:03 | 000,051,872 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\APMEX_com - Checkout.htm
[2010/08/20 12:15:05 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\best buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/16 16:15:27 | 000,094,208 | ---- | M] (MaresWEB) -- C:\WINDOWS\mprchst.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========/color

[2010/09/12 12:07:06 | 000,068,815 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\BurnCDCC.zip
[2010/09/12 11:59:56 | 454,287,360 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\OTLPE_New_Net.iso
[2010/09/10 11:36:46 | 000,260,226 | ---- | C] () -- C:\WINDOWS\System32\qtwm.exe
[2010/09/06 21:12:43 | 000,890,272 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\WinFileReplace.exe
[2010/09/06 15:25:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 15:25:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/06 15:25:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/06 15:25:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/06 15:25:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 15:22:08 | 003,839,056 | R--- | C] () -- C:\Documents and Settings\best buy\Desktop\ComboFix.exe
[2010/09/04 09:22:10 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\rkill.scr
[2010/09/03 12:21:53 | 000,021,356 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\attachment.htm
[2010/09/03 09:45:03 | 000,077,652 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\log1
[2010/09/02 18:08:14 | 000,154,112 | ---- | C] () -- C:\Program Files\uiauditwin.exe
[2010/09/01 18:21:45 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\List_Kill'em.lnk
[2010/08/28 22:08:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/28 22:08:16 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/28 22:06:12 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/25 15:50:03 | 000,051,872 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\APMEX_com - Checkout.htm
[2010/02/27 04:21:55 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2010/02/27 04:19:09 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/02/26 21:21:37 | 000,227,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpp106.sys
[2010/02/26 21:21:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnpp106.dll
[2010/02/26 21:21:37 | 000,015,542 | ---- | C] () -- C:\WINDOWS\snpp106.ini
[2010/02/26 21:21:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vsnpp106.dll
[2010/02/22 07:31:00 | 000,000,879 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/12/14 17:56:28 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\best buy\udownload.dat
[2009/06/19 21:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2009/04/30 09:27:02 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\fusioncache.dat
[2009/04/16 16:26:03 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 19:18:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\best buy\ntuser.ini
[2009/04/01 19:18:44 | 000,126,976 | -H-- | C] () -- C:\Documents and Settings\best buy\ntuser.dat.LOG
[2009/04/01 19:18:42 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\best buy\NTUSER.DAT
[2009/04/01 18:08:30 | 000,229,376 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/04/01 18:08:30 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/04/01 18:08:30 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/04/01 17:55:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/04/01 17:55:14 | 000,229,376 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/04/01 17:55:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/10 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========/color

[2010/08/28 22:06:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bitrix Security
[2010/07/14 17:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Azureus
[2010/08/28 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Bitrix Security
[2010/09/09 20:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\download2
[2009/10/06 16:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\iLike
[2009/10/31 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\NetMedia Providers
[2009/04/07 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\OpenOffice.org
[2009/10/31 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Publish Providers
[2009/10/31 23:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Sony
[2010/04/10 09:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\SynthMaker
[2010/09/11 09:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\TuneUpMedia
[2010/08/28 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security

[color=#E56717]========== Purity Check ==========/color



[color=#E56717]========== Custom Scans ==========/color


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color


[color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=59C0416C549EC7FCB1AB827562EBD680 -- C:\WINDOWS\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\FR-files\explorer.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >/color
[2004/08/10 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/10 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/10 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >/color
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\FR-files\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=4755032342329E19F3C3A82C6AEB52BC -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color
[2008/06/20 13:41:10 | 000,148,992 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\dnsapi.dll
[2010/05/06 06:41:49 | 011,076,096 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\ieframe.dll
[2010/05/06 06:41:50 | 001,985,536 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\iertutil.dll
[2004/08/10 08:00:00 | 000,274,944 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\mstask.dll
[2004/08/10 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\ntdsapi.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

[color=#A23BEC]< %systemroot%\System32\config\*.sav >/color
[2009/04/01 12:32:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/01 12:32:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/01 12:32:49 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< CREATERESTOREPOINT >/color
< End of report >
0
Réponse 22 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
12 sept. 2010 à 20:01
Maintenant relance Combofix et colle moi le nouveau rapport généré .
0
Réponse 23 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
12 sept. 2010 à 22:42
ComboFix 10-09-11.04 - best buy 12/09/2010 18:34:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2038.1698 [GMT -4:00]
Running from: c:\documents and settings\best buy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\best buy\Application Data\antispy.exe
c:\documents and settings\best buy\Application Data\download2
c:\documents and settings\best buy\Application Data\download2\svcnost.exe
c:\windows\explorer.backup
c:\windows\system32\qtplugin.exe
c:\windows\system32\qtwm.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-07 19:02 . 2010-09-07 19:10 -------- d-----w- C:\FR-files
2010-09-07 01:13 . 2010-09-07 19:03 -------- d-----w- C:\WinFileReplace
2010-09-03 13:43 . 2010-09-05 22:04 -------- d-----w- c:\program files\ZHPDiag
2010-09-02 22:08 . 2010-09-02 22:08 154112 ----a-w- c:\program files\uiauditwin.exe
2010-09-01 22:21 . 2010-09-01 22:21 -------- d-----w- C:\Kill'em
2010-09-01 22:21 . 2010-09-02 00:12 -------- d-----w- c:\program files\List_Kill'em
2010-09-01 20:48 . 2010-09-01 20:48 -------- d-----w- c:\documents and settings\best buy\Application Data\Malwarebytes
2010-09-01 20:48 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 20:48 . 2010-09-02 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 20:48 . 2010-09-01 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-01 20:48 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 02:09 . 2010-08-29 02:09 -------- d-----w- c:\documents and settings\best buy\Application Data\Bitrix Security
2010-08-16 20:15 . 2010-08-16 20:15 94208 ----a-w- c:\windows\mprchst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 13:58 . 2010-03-31 00:20 -------- d-----w- c:\documents and settings\best buy\Application Data\TuneUpMedia
2010-09-10 19:20 . 2010-03-28 22:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-04 12:52 . 2010-08-09 15:09 1098 ----a-w- c:\windows\Kcuvafari.dat
2010-09-04 12:52 . 2010-08-09 15:09 0 ----a-w- c:\windows\Oconitu.bin
2010-08-29 02:06 . 2010-08-29 02:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bitrix Security
2010-08-29 02:06 . 2010-08-29 02:06 35328 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\omusgg24.dll
2010-08-27 01:07 . 2010-08-27 01:06 -------- d-----w- c:\program files\TuneUpMedia
2010-08-10 01:41 . 2010-04-28 00:31 -------- d-----w- c:\program files\WindsorDirect 4
2010-08-10 01:19 . 2009-04-06 23:59 -------- d-----w- c:\program files\Interbank FX Trader 4
2010-07-14 23:48 . 2010-07-14 23:48 63488 ----a-w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-14 23:48 . 2010-07-14 23:48 52224 ----a-w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-14 23:48 . 2010-07-14 23:48 117760 ----a-w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-14 23:47 . 2010-07-14 23:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-14 23:47 . 2010-07-14 23:47 -------- d-----w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com
2010-07-14 23:47 . 2010-07-14 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-14 23:37 . 2010-02-27 01:05 -------- d-----w- c:\documents and settings\best buy\Application Data\Skype
2010-07-14 18:08 . 2010-07-14 18:08 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU9009255397059514620.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-14 01:25 . 2010-07-14 01:25 388096 ----a-r- c:\documents and settings\best buy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-13 19:09 . 2010-07-13 19:09 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU7747234730128954097.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-12 20:10 . 2010-07-12 20:10 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8680552364548552618.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-11 21:11 . 2010-07-11 21:11 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8583878817867533226.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-10 08:51 . 2010-07-10 08:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8610685687447050337.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-09 09:53 . 2010-07-09 09:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU1358946615186211749.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-08 10:51 . 2010-07-08 10:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU7414953552972336392.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-07 11:51 . 2010-07-07 11:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU1379120457693690473.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-06 12:51 . 2010-07-06 12:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8764909088273860730.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-05 13:52 . 2010-07-05 13:52 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU2670704520102483743.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-04 14:53 . 2010-07-04 14:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU85948305595346066.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-03 15:53 . 2010-07-03 15:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6788731722153072521.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-02 16:53 . 2010-07-02 16:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU2010111990010075921.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-01 17:52 . 2010-07-01 17:52 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8710054746290046635.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-30 18:55 . 2010-06-30 18:55 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU5460952575370106974.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-29 19:55 . 2010-06-29 19:55 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU5686737456705255986.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-28 20:53 . 2010-06-28 20:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU1982541926591147613.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-27 21:54 . 2010-06-27 21:54 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU4002412701361903036.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-25 11:06 . 2010-06-25 11:06 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU7363603460976945232.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-24 12:07 . 2010-06-24 12:07 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU3785269914393871854.tmp\Vuze_4.4.0.6_win32.exe
2010-06-23 13:06 . 2010-06-23 13:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6087866235411944873.tmp\Vuze_4.4.0.6_win32.exe
2010-06-22 14:06 . 2010-06-22 14:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6583508687504943310.tmp\Vuze_4.4.0.6_win32.exe
2010-06-21 15:06 . 2010-06-21 15:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6093415849878058340.tmp\Vuze_4.4.0.6_win32.exe
2010-06-20 16:06 . 2010-06-20 16:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8321470404578442429.tmp\Vuze_4.4.0.6_win32.exe
2010-06-19 17:07 . 2010-06-19 17:07 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6417968502227759199.tmp\Vuze_4.4.0.6_win32.exe
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-08-04 . 4755032342329E19F3C3A82C6AEB52BC . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[-] 2004-08-04 . 59C0416C549EC7FCB1AB827562EBD680 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-06_19.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-12 22:33 . 2010-09-12 22:33 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-02-20 409672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*uiauditwin.exe"="c:\program files\uiauditwin.exe" [2010-09-02 154112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
S2 gupdate1cab7461ac65b22;Google Update Service (gupdate1cab7461ac65b22);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 8:45 PM 133104]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [26/02/2010 9:21 PM 227200]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{15AA3580-03FA-4A96-A369-B8971EC8B3FB}]
2010-08-29 02:06 35328 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\omusgg24.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 00:45]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 00:45]

2010-09-11 c:\windows\Tasks\Norton Security Scan for best buy.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-27 14:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-download - c:\documents and settings\best buy\Application Data\download2\svcnost.exe
HKLM-Run-RegistryWm - c:\windows\system32\qtwm.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 18:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-09-12 18:43:19
ComboFix-quarantined-files.txt 2010-09-12 22:43
ComboFix2.txt 2010-09-06 19:51

Pre-Run: 70,397,882,368 bytes free
Post-Run: 70,615,281,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - CC1D40A815B7DB653B4254E7C5546DF7
0
Réponse 24 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
13 sept. 2010 à 21:00
Salut ,on continu :

-redemarre sous Reatogo , relançe OTLPE

-sous Custom Scan box copie_colle le contenu en gras ci dessous (en commençant bien à :OTL , les : inclus devant OTL) et cette fois ci clic RUNFIX

:OTL
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
O4 - HKLM..\Run: [download] C:\Documents and Settings\best buy\Application Data\download2\svcnost.exe (download corp.)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Default Company)
O4 - HKLM..\Run: [RegistryWm] C:\WINDOWS\system32\qtwm.exe ()
O4 - HKLM..\RunOnce: [*uiauditwin.exe] C:\Program Files\uiauditwin.exe ()
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:files
C:\Documents and Settings\best buy\Application Data\download2
C:\WINDOWS\mprchst.exe
C:\WINDOWS\tasks\Norton Security Scan for best buy.job
C:\Program Files\uiauditwin.exe
C:\zrpt.xml
C:\WINDOWS\explorer.exe|C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe /replace
C:\WINDOWS\system32\winlogon.exe|C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe /replace
:reg
[HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SetCommand"=dword:00000001
"SecurityLevel"=dword:00000001
[HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Explorer]
"AlwaysUnloadDll"=dword:00000001
:commands
[emptytemp]


0
Utilisateur anonyme
13 sept. 2010 à 23:19
salut jfk

des fois le changement de service pack arrange bien des problemes.....
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 36
silverfx
14 sept. 2010 à 02:28
OTL logfile created on: 9/13/2010 9:24:12 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 65.77 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\BESTBU~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/07/26 01:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/23 11:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 11:30:54 | 000,222,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/23 11:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/18 08:26:00 | 000,230,912 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/03/31 16:46:58 | 000,350,976 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/31 16:46:10 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/31 10:21:00 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2003/04/09 12:44:00 | 000,227,200 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpp106.sys -- (SNPP106) PC Camera (6029 CIF)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\best_buy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKU\best_buy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\best_buy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




[2009/04/19 09:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\extensions
[2009/04/19 09:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/09/12 18:41:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\best_buy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKU\best_buy_ON_C..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\Mobilink\Lite.exe (Novatel Wireless)
O4 - HKU\best_buy_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\best_buy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [*uiauditwin.exe] C:\Program Files\uiauditwin.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\best_buy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\best_buy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\best_buy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\best_buy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 17:50:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/09/13 02:56:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/09/12 18:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/12 18:27:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/12 12:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Desktop\BurnCDCC
[2010/09/08 19:29:27 | 127,313,619 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\best buy\Desktop\OTLPENet.exe
[2010/09/07 15:03:43 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.backup
[2010/09/07 15:02:17 | 000,000,000 | ---D | C] -- C:\FR-files
[2010/09/06 21:13:31 | 000,000,000 | ---D | C] -- C:\WinFileReplace
[2010/09/06 15:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/06 15:25:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/06 15:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/06 15:25:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/06 15:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/06 15:24:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/03 09:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/09/03 09:43:05 | 001,944,357 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\best buy\Desktop\ZHPDiag.exe
[2010/09/02 03:36:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/09/01 19:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\My Documents\musicouisti
[2010/09/01 18:21:45 | 000,000,000 | ---D | C] -- C:\Kill'em
[2010/09/01 18:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
[2010/09/01 18:21:12 | 003,206,909 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\best buy\Desktop\List_Killem_Install.exe
[2010/09/01 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Malwarebytes
[2010/09/01 16:48:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 16:48:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 16:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/01 16:47:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\best buy\Desktop\mbam-setup-1.46.exe
[2010/08/28 22:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Bitrix Security
[2010/08/28 22:08:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\SendTo
[2010/08/28 22:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/28 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Pictures
[2010/08/28 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
[2010/08/28 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/08/28 22:06:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NetworkService\Recent
[2010/08/28 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2010/08/28 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2010/08/28 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
[2010/08/26 21:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/08/24 02:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/24 02:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/20 06:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/18 01:43:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/08/16 16:15:26 | 000,094,208 | ---- | C] (MaresWEB) -- C:\WINDOWS\mprchst.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/09/13 20:10:25 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/13 20:10:25 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/13 20:10:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 20:10:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 20:10:17 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\best buy\NTUSER.DAT
[2010/09/13 20:10:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\best buy\ntuser.ini
[2010/09/13 19:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 17:19:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 15:21:38 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for best buy.job
[2010/09/12 18:41:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/12 18:41:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/12 18:29:53 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/12 18:25:26 | 003,842,758 | R--- | M] () -- C:\Documents and Settings\best buy\Desktop\ComboFix.exe
[2010/09/12 13:55:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/12 12:07:06 | 000,068,815 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\BurnCDCC.zip
[2010/09/12 12:00:24 | 454,287,360 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\OTLPE_New_Net.iso
[2010/09/10 14:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/08 19:29:35 | 127,313,619 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\best buy\Desktop\OTLPENet.exe
[2010/09/06 21:13:30 | 000,890,272 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\WinFileReplace.exe
[2010/09/04 09:22:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\rkill.scr
[2010/09/04 08:52:58 | 000,001,098 | ---- | M] () -- C:\WINDOWS\Kcuvafari.dat
[2010/09/04 08:52:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Oconitu.bin
[2010/09/03 12:21:54 | 000,021,356 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\attachment.htm
[2010/09/03 09:45:03 | 000,077,652 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\log1
[2010/09/03 09:43:12 | 001,944,357 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\best buy\Desktop\ZHPDiag.exe
[2010/09/02 18:08:36 | 004,840,422 | -H-- | M] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\IconCache.db
[2010/09/02 18:08:14 | 000,154,112 | ---- | M] () -- C:\Program Files\uiauditwin.exe
[2010/09/02 15:27:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\best buy\Desktop\mbam-setup-1.46.exe
[2010/09/01 18:21:45 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\List_Kill'em.lnk
[2010/09/01 18:21:18 | 003,206,909 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\best buy\Desktop\List_Killem_Install.exe
[2010/08/28 22:08:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/28 22:08:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/28 22:06:31 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 15:50:03 | 000,051,872 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\APMEX_com - Checkout.htm
[2010/08/20 12:15:05 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\best buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/16 16:15:27 | 000,094,208 | ---- | M] (MaresWEB) -- C:\WINDOWS\mprchst.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/09/12 18:29:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/09/12 18:29:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/12 12:07:06 | 000,068,815 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\BurnCDCC.zip
[2010/09/12 11:59:56 | 454,287,360 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\OTLPE_New_Net.iso
[2010/09/06 21:12:43 | 000,890,272 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\WinFileReplace.exe
[2010/09/06 15:25:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 15:25:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/06 15:25:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/06 15:25:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/06 15:25:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 15:22:08 | 003,842,758 | R--- | C] () -- C:\Documents and Settings\best buy\Desktop\ComboFix.exe
[2010/09/04 09:22:10 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\rkill.scr
[2010/09/03 12:21:53 | 000,021,356 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\attachment.htm
[2010/09/03 09:45:03 | 000,077,652 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\log1
[2010/09/02 18:08:14 | 000,154,112 | ---- | C] () -- C:\Program Files\uiauditwin.exe
[2010/09/01 18:21:45 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\List_Kill'em.lnk
[2010/08/28 22:08:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/28 22:08:16 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/28 22:06:12 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/25 15:50:03 | 000,051,872 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\APMEX_com - Checkout.htm
[2010/02/27 04:21:55 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2010/02/27 04:19:09 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/02/26 21:21:37 | 000,227,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpp106.sys
[2010/02/26 21:21:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnpp106.dll
[2010/02/26 21:21:37 | 000,015,542 | ---- | C] () -- C:\WINDOWS\snpp106.ini
[2010/02/26 21:21:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vsnpp106.dll
[2010/02/22 07:31:00 | 000,000,879 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/12/14 17:56:28 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\best buy\udownload.dat
[2009/06/19 21:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2009/04/30 09:27:02 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\fusioncache.dat
[2009/04/16 16:26:03 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 19:18:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\best buy\ntuser.ini
[2009/04/01 19:18:44 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\best buy\ntuser.dat.LOG
[2009/04/01 19:18:42 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\best buy\NTUSER.DAT
[2009/04/01 18:08:30 | 000,229,376 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/04/01 18:08:30 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/04/01 18:08:30 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/04/01 17:55:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/04/01 17:55:14 | 000,229,376 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/04/01 17:55:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/10 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010/08/28 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
[2010/07/14 17:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Azureus
[2010/08/28 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Bitrix Security
[2009/10/06 16:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\iLike
[2009/10/31 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\NetMedia Providers
[2009/04/07 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\OpenOffice.org
[2009/10/31 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Publish Providers
[2009/10/31 23:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Sony
[2010/04/10 09:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\SynthMaker
[2010/09/11 09:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\TuneUpMedia

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< :OTL >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- -- (WDICA) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | System] -- -- (PCIDump) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | System] -- -- (lbrtfdc) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | System] -- -- (i2omgmt) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | System] -- -- (Changer) >[/color]

[color=#A23BEC]< DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme) >[/color]

[color=#A23BEC]< O4 - HKLM..\Run: [download] C:\Documents and Settings\best buy\Application Data\download2\svcnost.exe (download corp.) >[/color]

[color=#A23BEC]< O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Default Company) >[/color]

[color=#A23BEC]< O4 - HKLM..\Run: [RegistryWm] C:\WINDOWS\system32\qtwm.exe () >[/color]

[color=#A23BEC]< O4 - HKLM..\RunOnce: [*uiauditwin.exe] C:\Program Files\uiauditwin.exe () >[/color]

[color=#A23BEC]< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >[/color]

[color=#A23BEC]< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >[/color]

[color=#A23BEC]< :files >[/color]

[color=#A23BEC]< C:\Documents and Settings\best buy\Application Data\download2 >[/color]

[color=#A23BEC]< C:\WINDOWS\mprchst.exe >[/color]
[2010/08/16 16:15:27 | 000,094,208 | ---- | M] (MaresWEB) -- C:\WINDOWS\mprchst.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#A23BEC]< C:\WINDOWS\tasks\Norton Security Scan for best buy.job >[/color]
[2010/09/13 15:21:38 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for best buy.job

[color=#A23BEC]< C:\Program Files\uiauditwin.exe >[/color]
[2010/09/02 18:08:14 | 000,154,112 | ---- | M] () -- C:\Program Files\uiauditwin.exe

[color=#A23BEC]< C:\zrpt.xml >[/color]
[2010/08/28 22:06:31 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

[color=#A23BEC]< C:\WINDOWS\explorer.exe|C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe /replace >[/color]
Invalid Switch: replace

[color=#A23BEC]< C:\WINDOWS\system32\winlogon.exe|C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe /replace >[/color]
Invalid Switch: replace


[color=#A23BEC]< :reg >[/color]

[color=#A23BEC]< [HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole] >[/color]

[color=#A23BEC]< "SetCommand"=dword:00000001 >[/color]

[color=#A23BEC]< "SecurityLevel"=dword:00000001 >[/color]

[color=#A23BEC]< [HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\policies\Explorer] >[/color]

[color=#A23BEC]< "NoDriveTypeAutoRun"=dword:000000ff >[/color]

[color=#A23BEC]< [HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Explorer] >[/color]

[color=#A23BEC]< "AlwaysUnloadDll"=dword:00000001 >[/color]

[color=#A23BEC]< :commands >[/color]

[color=#A23BEC]< [emptytemp] >[/color]

< End of report >
0
Réponse 26 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
14 sept. 2010 à 19:42
Ce n'est pas le bon rapport ou alors tu n'as pas cliqué sur "RUNFIX" apres avoir coller le script !
0
Réponse 27 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
15 sept. 2010 à 17:59
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WDICA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDRFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDRELI deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDCOMP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCIDump deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCASp50 deleted successfully.
File C:\WINDOWS\System32\Drivers\PCASp50.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lbrtfdc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i2omgmt deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Changer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\catchme deleted successfully.
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\download not found.
File C:\Documents and Settings\best buy\Application Data\download2\svcnost.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 not found.
File C:\WINDOWS\system32\qtplugin.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryWm not found.
File C:\WINDOWS\system32\qtwm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*uiauditwin.exe deleted successfully.
Invalid CLSID key: *uiauditwin.exe
C:\Program Files\uiauditwin.exe moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\best buy\Application Data\download2 not found.
C:\WINDOWS\mprchst.exe moved successfully.
C:\WINDOWS\tasks\Norton Security Scan for best buy.job moved successfully.
File\Folder C:\Program Files\uiauditwin.exe not found.
C:\zrpt.xml moved successfully.
File C:\WINDOWS\explorer.exe successfully replaced with C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
File C:\WINDOWS\system32\winlogon.exe successfully replaced with C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
========== REGISTRY ==========
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SetCommand"|dword:00000001 /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SecurityLevel"|dword:00000001 /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Explorer\\"AlwaysUnloadDll"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: best buy
->Temp folder emptied: 356066 bytes
->Temporary Internet Files folder emptied: 5538194 bytes
->Java cache emptied: 118757743 bytes
->Google Chrome cache emptied: 6280249 bytes
->Apple Safari cache emptied: 5271552 bytes
->Flash cache emptied: 424483 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 721097 bytes
->Flash cache emptied: 3444 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 6459 bytes
->Flash cache emptied: 15924 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1343235 bytes

Total Files Cleaned = 132.00 mb


OTLPE by OldTimer - Version 3.1.40.0 log created on 09152010_125058
0
Réponse 28 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
15 sept. 2010 à 20:54
Ok ,c'est mieux -;)

peux tu relancer combofix et coller le nouveau rapport ainsi qu'un nouveau rapport ZhpDiag pour faire le point .
0
Réponse 29 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
15 sept. 2010 à 23:34
ComboFix 10-09-15.01 - best buy 15/09/2010 17:25:46.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2038.1613 [GMT -4:00]
Running from: c:\documents and settings\best buy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 16:50 . 2010-09-15 16:50 -------- d-----w- C:\_OTL
2010-09-07 19:02 . 2010-09-07 19:10 -------- d-----w- C:\FR-files
2010-09-07 01:13 . 2010-09-07 19:03 -------- d-----w- C:\WinFileReplace
2010-09-03 13:43 . 2010-09-05 22:04 -------- d-----w- c:\program files\ZHPDiag
2010-09-01 22:21 . 2010-09-01 22:21 -------- d-----w- C:\Kill'em
2010-09-01 22:21 . 2010-09-02 00:12 -------- d-----w- c:\program files\List_Kill'em
2010-09-01 20:48 . 2010-09-01 20:48 -------- d-----w- c:\documents and settings\best buy\Application Data\Malwarebytes
2010-09-01 20:48 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 20:48 . 2010-09-02 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 20:48 . 2010-09-01 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-01 20:48 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 02:09 . 2010-08-29 02:09 -------- d-----w- c:\documents and settings\best buy\Application Data\Bitrix Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 13:58 . 2010-03-31 00:20 -------- d-----w- c:\documents and settings\best buy\Application Data\TuneUpMedia
2010-09-10 19:20 . 2010-03-28 22:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-04 12:52 . 2010-08-09 15:09 1098 ----a-w- c:\windows\Kcuvafari.dat
2010-09-04 12:52 . 2010-08-09 15:09 0 ----a-w- c:\windows\Oconitu.bin
2010-08-29 02:06 . 2010-08-29 02:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bitrix Security
2010-08-29 02:06 . 2010-08-29 02:06 35328 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\omusgg24.dll
2010-08-27 01:07 . 2010-08-27 01:06 -------- d-----w- c:\program files\TuneUpMedia
2010-08-10 01:41 . 2010-04-28 00:31 -------- d-----w- c:\program files\WindsorDirect 4
2010-08-10 01:19 . 2009-04-06 23:59 -------- d-----w- c:\program files\Interbank FX Trader 4
2010-07-14 23:48 . 2010-07-14 23:48 63488 ----a-w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-14 23:48 . 2010-07-14 23:48 52224 ----a-w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-14 23:48 . 2010-07-14 23:48 117760 ----a-w- c:\documents and settings\best buy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-14 18:08 . 2010-07-14 18:08 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU9009255397059514620.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-14 01:25 . 2010-07-14 01:25 388096 ----a-r- c:\documents and settings\best buy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-13 19:09 . 2010-07-13 19:09 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU7747234730128954097.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-12 20:10 . 2010-07-12 20:10 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8680552364548552618.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-11 21:11 . 2010-07-11 21:11 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8583878817867533226.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-10 08:51 . 2010-07-10 08:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8610685687447050337.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-09 09:53 . 2010-07-09 09:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU1358946615186211749.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-08 10:51 . 2010-07-08 10:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU7414953552972336392.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-07 11:51 . 2010-07-07 11:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU1379120457693690473.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-06 12:51 . 2010-07-06 12:51 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8764909088273860730.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-05 13:52 . 2010-07-05 13:52 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU2670704520102483743.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-04 14:53 . 2010-07-04 14:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU85948305595346066.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-03 15:53 . 2010-07-03 15:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6788731722153072521.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-02 16:53 . 2010-07-02 16:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU2010111990010075921.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-01 17:52 . 2010-07-01 17:52 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8710054746290046635.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-30 18:55 . 2010-06-30 18:55 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU5460952575370106974.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-29 19:55 . 2010-06-29 19:55 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU5686737456705255986.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-28 20:53 . 2010-06-28 20:53 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU1982541926591147613.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-27 21:54 . 2010-06-27 21:54 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU4002412701361903036.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-25 11:06 . 2010-06-25 11:06 8177088 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU7363603460976945232.tmp\Vuze_4.4.0.6a_win32.exe
2010-06-24 12:07 . 2010-06-24 12:07 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU3785269914393871854.tmp\Vuze_4.4.0.6_win32.exe
2010-06-23 13:06 . 2010-06-23 13:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6087866235411944873.tmp\Vuze_4.4.0.6_win32.exe
2010-06-22 14:06 . 2010-06-22 14:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6583508687504943310.tmp\Vuze_4.4.0.6_win32.exe
2010-06-21 15:06 . 2010-06-21 15:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6093415849878058340.tmp\Vuze_4.4.0.6_win32.exe
2010-06-20 16:06 . 2010-06-20 16:06 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU8321470404578442429.tmp\Vuze_4.4.0.6_win32.exe
2010-06-19 17:07 . 2010-06-19 17:07 8086976 ----a-w- c:\documents and settings\best buy\Application Data\Azureus\tmp\AZU6417968502227759199.tmp\Vuze_4.4.0.6_win32.exe
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-06_19.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-15 17:06 . 2010-09-15 17:06 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-02-20 409672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
S2 gupdate1cab7461ac65b22;Google Update Service (gupdate1cab7461ac65b22);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 8:45 PM 133104]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [26/02/2010 9:21 PM 227200]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{15AA3580-03FA-4A96-A369-B8971EC8B3FB}]
2010-08-29 02:06 35328 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\omusgg24.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 00:45]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 00:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-15 17:33:46
ComboFix-quarantined-files.txt 2010-09-15 21:33
ComboFix2.txt 2010-09-12 22:43
ComboFix3.txt 2010-09-06 19:51

Pre-Run: 70,582,878,208 bytes free
Post-Run: 70,606,237,696 bytes free

- - End Of File - - 501FE86575DB4F93C71217DA72095CAB
0
Réponse 30 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
16 sept. 2010 à 06:28
Utilises le site Cijoint pour le rapport de ZhpDiag (il est incomplet)
0
Réponse 31 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
16 sept. 2010 à 22:59
http://www.cijoint.fr/cjlink.php?file=cj201009/cijcrSbSL6.txt
0
Réponse 32 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
16 sept. 2010 à 23:12
Déconnecte toi d'Internet et ferme toutes les applications ouvertes.

1/Double Clique sur l'icone ZhpFix .

2/ZhpFix va s'ouvrir ,clique sur "OK".

3/Coche ces cases (et pas d'autres !):

O44 - LFC:[MD5.6CFA2D7B56E0C2BD2769F112743AEE85] - 05/09/2010 - 5:04:59 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\log.Txt [78425]
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

4/Pour finir clique sur "Nettoyer" .


5/colle le rapport obtenu .

Dis moi ensuite comment va le pc ?
0
Utilisateur anonyme
16 sept. 2010 à 23:18
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

salut si tu vires la premiere ligne , la deuxieme saute automatiquement
et pour preuve , la deuxieme ligne ne sera pas supprimée
0
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
16 sept. 2010 à 23:24
Salut gen -;)

Merci pour l'info ^^

Mais je doute que ces deux lignes aient un rapport direct avec TDSS ....Mais bon ....
0
Réponse 33 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
16 sept. 2010 à 23:44
J"ai ZHPDiag mais pas ZHPFix
0
Réponse 34 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
17 sept. 2010 à 00:00
Bon j'ai trouve le fix voici le rapport. Le pc va beaucoup mieux depuis quelque jours franchement ca valait le coup de faire toutes ces etapes. Yaurait il une facon de me proteger contre ces malware pour ne pas avoir a tout recommencer de nouveau

Rapport de ZHPFix v1.12.3142 par Nicolas Coolman, Update du 31/08/2010
Fichier d'export Registre :
Run by best buy at 16/09/2010 5:51:43 PM
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Valeur(s) du Registre ==========
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur supprimée avec succès
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente

========== Fichier(s) ==========
c:\log.txt => Fichier supprimé au reboot


========== Récapitulatif ==========
2 : Valeur(s) du Registre
1 : Fichier(s)


End of the scan
0
Réponse 35 / 36
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
17 sept. 2010 à 20:14
Ok ,on va conclure la dessus :

==*Nettoyage des outils*==
Pour Xp : Double clique sur l'icône ZHPFix.exe sur ton Bureau.

Pour Vista : Clique droit sur l'icône ZHPFix.exe sur ton Bureau,
puis sélectionne 'Exécuter en tant qu'administrateur'.

Relance ZHPFix sur ton Bureau.

Clique sur le A rouge (Nettoyeur de Tools).

Clique sur Nettoyer.

Fais redémarrer l'ordi pour terminer le nettoyage.

=========

Je te conseille de mettre a jour ton Xp sp2 vers le sp3 ==> XP SP3

Met a jour ta console Java : https://www.java.com/fr/download/manual.jsp

=========

Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la afin de créer un point de restauration sain.

* Désactivation :
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

* Activation :
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..

==========

Je te conseille également de désinstaller Norton (peu éfficace et tres lourd ..) mais tu n'es pas obligé .

Si tu décides de le supprimer ,utilises cet utilitaire : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

A la place ,tu peux installer Antivir :

*Antivir (d'avira) Gratuit et en français : http://www.commentcamarche.net/download/telecharger-55-antivir

configurer antivir

Tu peux garder également MBAM sur ton pc .

=========

Installe également un vrai pare-feu :

OnlineArmor:https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/

tutoriels:https://forum.pcastuces.com/sujet.asp?f=25&s=35606
:https://www.malekal.com/tutorial-online-armor-free/

Ne pas oublier de désactiver celui de Windows /!\

=========

Et pour finir installe et utilises régulierement Ccleaner:

Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)
Téléchargement :
https://www.01net.com/
Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l'installation, [décoche] l'option qui t'installerait la barre Yahoo !

un peu de lecture afin de ne pas revenir ici

En éspérant ne pas te revoir ici :)

Bye ^^
0
Réponse 36 / 36
silverfx Messages postés 45 Date d'inscription mercredi 1 septembre 2010 Statut Membre Dernière intervention 31 décembre 2014
17 sept. 2010 à 22:10
merci beaucoup
0