Latest-generation Gendarmerie virus
bache
plasmideryan Posts 23 Status Member -
Hello everyone,
I'm currently fighting the gendarmerie virus on my old Win XP SP3 PC. Of course safe mode doesn't work, nor does safe mode with networking, nor safe mode with command prompt!
So I'm running Reatogo with an OTLPE scan... I'm posting the scan report below; could you help me with the next steps?
-------------------------------------------------------------------
OTL logfile created on: 5/15/2012 11:19:55 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.46 Gb Total Space | 0.91 Gb Free Space | 0.63% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (AppMgmt)
SRV - [2012/05/09 03:32:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 03:32:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/25 08:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/21 07:22:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/18 05:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2003/03/03 08:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2012/05/09 03:32:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012/05/09 03:32:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011/12/09 07:40:53 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/21 05:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 05:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 05:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 05:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 05:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 05:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 05:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/01/09 06:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\seehcri.sys -- (seehcri)
DRV - [2004/03/05 17:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 17:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 17:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 17:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/02/11 08:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 08:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\PELMOUSE.SYS -- (pelmouse)
DRV - [2002/11/08 08:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 15:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/f...en/default.htm
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/f...en/default.htm
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/f...en/default.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Muriel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/f...en/default.htm
IE - HKU\Muriel_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Muriel_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.fr/ [binary data]
IE - HKU\Muriel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\Muriel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
O1 HOSTS File: ([2002/08/30 02:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\Muriel_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Muriel_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VirusScan] File not found
O4 - HKU\Muriel_ON_C..\Run: [7897DC93] C:\Documents and Settings\Muriel\Application Data\Hnbhinbhinb\0BBF852F7897DC937507.exe ()
O4 - HKU\Muriel_ON_C..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Muriel_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000 Professional\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Muriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Muriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Muriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/au...20110708070110 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/51.26/uploader2.cab (UploadListView Class)
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} https://particuliers.secure.lcl.fr/v...ormProtect.cab (KeybHunterWebInterface Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1199739122650 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1199809241968 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.mypix.com/fr/fr/importer/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\21FA8A4A7897DC933552.exe) - C:\WINDOWS\SYSTEM32\21FA8A4A7897DC933552.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/18 06:35:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/13 09:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muriel\Mes documents\Downloads
[2012/05/13 09:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muriel\Application Data\Hnbhinbhinb
[2012/04/29 07:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muriel\Application Data\LolClient
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/15 03:54:22 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72C4B2B6-8C2E-45E6-A6FB-3B028A18F7FE}.job
[2012/05/15 03:52:42 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/15 03:52:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/15 03:52:33 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 03:35:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 16:27:01 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/13 10:45:01 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Muriel\Bureau\vlc.lnk
[2012/05/13 10:40:44 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Muriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 10:04:32 | 000,049,829 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-RIB.jpg.uurv
[2012/05/13 10:03:47 | 000,083,643 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-passeport.pdf.ggur
[2012/05/13 09:54:31 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Muriel\Bureau\µTorrent.lnk
[2012/05/13 09:37:12 | 000,092,060 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-Feuille de service Episode 5.pdf.llrs
[2012/05/13 09:37:11 | 000,023,338 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-DE107714 FRENCHNERD.pdf.wwmk
[2012/05/13 09:36:45 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-1102032%20geoffray.ffxx
[2012/05/13 09:36:45 | 000,015,368 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-AR-1275838897593.pdf.bbhi
[2012/05/13 09:36:37 | 000,004,982 | ---- | M] () -- C:\locked-DELL.SDR.yfcc
[2012/05/13 09:36:36 | 000,000,512 | ---- | M] () -- C:\locked-BOOTSECT.DOS.vruu
[2012/05/13 09:36:01 | 000,055,808 | -H-- | M] () -- C:\WINDOWS\System32\21FA8A4A7897DC933552.exe
[2012/05/11 15:50:49 | 000,600,154 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/05/11 15:50:49 | 000,114,456 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/05/11 15:50:48 | 000,504,076 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/11 15:50:48 | 000,088,930 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/11 08:28:35 | 002,109,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 06:38:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 06:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Silverlight
[2012/05/09 03:32:28 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/09 03:32:28 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/06 07:47:02 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/13 10:45:01 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Muriel\Bureau\vlc.lnk
[2012/05/13 09:54:31 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Muriel\Bureau\µTorrent.lnk
[2012/05/13 09:36:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/13 09:36:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/13 09:36:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/13 09:36:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/13 09:36:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/13 09:36:01 | 000,055,808 | -H-- | C] () -- C:\WINDOWS\System32\21FA8A4A7897DC933552.exe
[2012/02/15 05:21:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/13 15:35:44 | 000,041,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/08 15:42:13 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2009/11/08 15:42:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2008/05/26 16:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/23 11:56:24 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008/03/01 04:01:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/01/12 08:58:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Muriel\Local Settings\Application Data\fusioncache.dat
[2008/01/09 15:04:58 | 000,000,241 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/01/07 18:22:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/01/07 18:06:10 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/07 16:23:59 | 000,002,049 | ---- | C] () -- C:\Documents and Settings\Muriel\Application Data\QuickZip45.ini
[2008/01/07 16:08:06 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/07 16:08:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/01/07 16:08:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/01/07 14:37:20 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\Muriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/20 06:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 06:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/06 06:19:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/06 06:17:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/06 06:16:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/06 06:11:42 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/06 06:01:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/09/06 06:01:04 | 000,600,154 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/09/06 06:01:04 | 000,504,076 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/09/06 06:01:04 | 000,114,456 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/09/06 06:01:04 | 000,088,930 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/09/06 06:00:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/06 06:00:51 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/06 05:48:04 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/16 09:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
[2004/05/26 10:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/03/26 11:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/12/14 17:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 17:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 17:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 08:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/09/18 06:40:30 | 002,109,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/18 06:35:10 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/18 06:32:32 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/17 10:14:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/17 10:14:46 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/30 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/30 02:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2002/08/30 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/30 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/30 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/30 02:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2002/08/30 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/30 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/30 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2009/04/22 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\Greyfirst
[2012/05/13 09:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\Hnbhinbhinb
[2008/02/03 11:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\Leadertech
[2012/04/29 07:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\LolClient
[2012/05/13 14:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\uTorrent
[2008/06/18 12:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\Viewpoint
[2008/07/28 13:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\Windows Desktop Search
[2009/01/26 17:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muriel\Application Data\Windows Search
[2009/12/18 15:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/19 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/03/25 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/03/24 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2012/04/29 08:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2004/09/06 06:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/15 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/01/08 13:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
[2012/05/15 03:54:22 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{72C4B2B6-8C2E-45E6-A6FB-3B028A18F7FE}.job
========== Purity Check ==========
< End of report >
------------------------------------------------------
Could someone tell me how to go about eradicating this crap? ;)
Thanks in advance for your help
Bache / Tibo
2 replies
Download the Kaspersky live CD from this address:
https://support.kaspersky.com/viruses/krd18?level=2
Burn the .iso image to a CD/DVD with ImgBurn:
http://www.imgburn.com/index.php?act=download
In ImgBurn, select "Write image file to disc" in the menu,
- select the Kaspersky .iso file,
- check that it does have the bootable option,
- set the burn speed as low as you can to avoid errors,
- wait until ImgBurn tells you that the burn is finished (if your drive opens but ImgBurn says nothing, close the drive again so that it can finish).
After burning your CD, boot from it as you did with OTLPE,
- choose your language (French or English)
- accept the terms of use
- The CD may show you a message saying that your computer was not shut down properly; click "poursuivre".
- once inside, go to the menu at the bottom left,
- then to the terminal to get the black window,
- then type, keeping it in lowercase: windowsunlocker
- note the files marked "suspicions modification"
- in the menu at the bottom left, press restart.
You should get your screen back!!
- However, this virus can be dropped by the Zaccess or sirefef viruses,
I therefore advise you to run a scan with MBAM,
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
TUTORIAL: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
- then a scan with Panda, which should remove it for you if you have one:
https://www.pandasecurity.com/en/support/card?id=1672&idIdioma=2
Everything is explained there; then run another scan with MBAM and it should be fine.
If you want, you can even make a report with ZHP diag and post it on the forum.
Keep me informed if you have any other problems.
If you run into problems, you can always run a scan from the Kaspersky CD and delete the items it finds.
P.S.: I recommend avast! rather than Avira AntiVir.
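To show which lines of the OTL log in the question point at the infection, here is an added triage example in Python; it is not part of the original thread and is not OTL's own logic. The sample lines are excerpted from the log above (with the forum's stray spaces in registry paths repaired), and the rule names and heuristics are assumptions chosen for this example.

```python
import ntpath
import re
from typing import List, Tuple

# Lines excerpted from the OTL log in the question; stray spaces that the forum
# inserted into registry paths ("pol icies") are repaired here.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Muriel_ON_C..\Run: [7897DC93] C:\Documents and Settings\Muriel\Application Data\Hnbhinbhinb\0BBF852F7897DC937507.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Muriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\21FA8A4A7897DC933552.exe) - C:\WINDOWS\SYSTEM32\21FA8A4A7897DC933552.exe ()
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
[2012/05/13 09:36:45 | 000,015,368 | ---- | M] () -- C:\Documents and Settings\Muriel\Mes documents\locked-AR-1275838897593.pdf.bbhi
[2012/05/11 15:50:49 | 000,600,154 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
"""

# Heuristics assumed for this example.
# Default Windows XP Winlogon targets; anything else in these values runs at logon.
WINLOGON_DEFAULT = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# Per-user directories that a standard user (and therefore malware) can write to.
USER_WRITABLE = re.compile(r"\\(application data|local settings|temp)\\", re.I)
# Policy values that lock the user out of the built-in repair tools.
POLICY_LOCKOUT = re.compile(r"\b(DisableTaskMgr|DisableRegedit|DisableRegistryTools)\s*=\s*1\b")
# Renaming pattern visible in this log: locked-<original name>.<four letters>
LOCKED_FILE = re.compile(r"\\locked-[^\\]+\.[a-z]{4}$", re.I)

RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)$")
WINLOGON = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>\w+) - \([^)]*\) - (?P<path>.+?) \((?P<company>[^()]*)\)$")
IFEO = re.compile(r"^O27 - HKLM IFEO\\(?P<image>[^:]+): Debugger - (?P<debugger>.+)$")
FILE_ENTRY = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\] \([^()]*\) -- (?P<path>.+)$")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for log lines that match a heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_ENTRY.match(line)
        if m:
            # Autostart with no vendor string, launched from a user-writable folder.
            if not m["company"].strip() and USER_WRITABLE.search(m["path"]):
                findings.append(("run-no-vendor-userdir", m["path"]))
            continue

        m = WINLOGON.match(line)
        if m:
            expected = WINLOGON_DEFAULT.get(m["value"].lower())
            if expected and ntpath.basename(m["path"]).lower() != expected:
                findings.append(("winlogon-hijack", f'{m["value"]} -> {m["path"]}'))
            continue

        if line.startswith(("O6 -", "O7 -")):
            m = POLICY_LOCKOUT.search(line)
            if m:
                findings.append(("policy-lockout", m.group(1)))
            continue

        m = IFEO.match(line)
        if m:
            # A Debugger value under IFEO redirects every launch of that image.
            findings.append(("ifeo-debugger", f'{m["image"]} -> {m["debugger"]}'))
            continue

        m = FILE_ENTRY.match(line)
        if m and LOCKED_FILE.search(m["path"]):
            findings.append(("renamed-file", ntpath.basename(m["path"])))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```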