Need help disinfecting a PC

Closed
Sty_x  Posts: 47  Registered: Thursday 11 February 2010  Status: Member  Last activity: 7 March 2023  -  7 June 2012 at 22:53
Anonymous user - 11 June 2012 at 21:17
Hello,

I picked up a PC infected with the "gendarmerie nationale" virus.
- At first it would not even boot, or rather it boot-looped, whether in normal mode, safe mode, command prompt, etc. I had to use HBCD to repair the hard disk; it then started, but was still blocked by the virus.
- I went through the Kaspersky live CD to disinfect "everything" (more than 3000 threats, Oo).
- From there the PC boots and there is no more virus, but all the files are "locked-", and Task Manager, regedit, msconfig, etc. are missing. I tried the Kaspersky utility to decrypt the files, but it asks for an unencrypted file and unfortunately I can't find one...

I ran scans with OTL, USBfix, GMER and RogueKiller; I am attaching them.
Also, to create the live USB sticks and do the transfers I used a USB key and another PC; do I need to do anything to disinfect the other PC? It does not look infected.

UsbFix report
############################## | UsbFix V 7.088 | [Suppression]

Utilisateur: Plein Ciel (Administrateur) # PLEIN-A8CEBD639
Mis à jour le 16/05/2012 par El Desaparecido
Lancé à 21:40:16 | 07/06/2012

Site Web: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Fichier suspect ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: System manufacturer (System Product Name) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) II X2 250 Processor (3013)
RAM -> [ Total : 1791 | Free : 1002 ]
BIOS: BIOS Date: 12/07/09 10:09:40 Ver: 08.00.14
BOOT: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disque fixe # 40 Go (20 Go libre(s) - 50%) [] # NTFS
D:\ -> Disque fixe # 109 Go (105 Go libre(s) - 96%) [data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 86%) [BUBBLE GUM] # FAT32
G:\ -> Disque amovible # 4 Go (3 Go libre(s) - 81%) [C3P-O] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (584)
C:\WINDOWS\system32\winlogon.exe (656)
C:\WINDOWS\system32\services.exe (700)
C:\WINDOWS\system32\lsass.exe (712)
C:\WINDOWS\system32\nvsvc32.exe (880)
C:\WINDOWS\system32\svchost.exe (912)
C:\WINDOWS\System32\svchost.exe (1056)
C:\WINDOWS\system32\svchost.exe (1096)
C:\WINDOWS\system32\spoolsv.exe (1468)
C:\WINDOWS\Explorer.EXE (1752)
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (2008)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (2044)
C:\Program Files\F-Secure\Common\FSM32.EXE (128)
C:\Program Files\F-Secure\Common\FSMA32.EXE (176)
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (212)
C:\Program Files\Java\jre6\bin\jqs.exe (256)
C:\Program Files\CDBurnerXP\NMSAccessU.exe (304)
C:\WINDOWS\system32\svchost.exe (404)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (1280)
C:\Program Files\Google\Update\GoogleUpdate.exe (2492)
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE (2752)
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe (1780)
C:\WINDOWS\system32\wuauclt.exe (508)
C:\Program Files\Mozilla Firefox\firefox.exe (3512)
C:\Program Files\Mozilla Firefox\plugin-container.exe (168)
C:\WINDOWS\system32\wuauclt.exe (3292)
C:\UsbFix\Go.exe (2904)

################## | Processus Stoppés |

Stoppé! C:\WINDOWS\system32\nvsvc32.exe (880)
Stoppé! C:\WINDOWS\system32\spoolsv.exe (1468)
Stoppé! C:\WINDOWS\Explorer.EXE (1752)
Stoppé! C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (2008)
Stoppé! C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (2044)
Stoppé! C:\Program Files\F-Secure\Common\FSMA32.EXE (176)
Stoppé! C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (212)
Stoppé! C:\Program Files\Java\jre6\bin\jqs.exe (256)
Stoppé! C:\Program Files\CDBurnerXP\NMSAccessU.exe (304)
Stoppé! C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (1280)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (2492)
Stoppé! C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE (2752)
Stoppé! C:\Program Files\F-Secure\Anti-Virus\fssm32.exe (1780)
Stoppé! C:\WINDOWS\system32\wuauclt.exe (508)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (3512)
Stoppé! C:\Program Files\Mozilla Firefox\plugin-container.exe (168)
Stoppé! C:\WINDOWS\system32\wuauclt.exe (3292)
Stoppé! C:\Program Files\F-Secure\Common\FSLAUNCH.EXE (2708)

################## | Éléments infectieux |

Supprimé! C:\DOCUME~1\PLEINC~1\LOCALS~1\Temp\preconfig.exe
Supprimé! C:\Documents and Settings\Plein Ciel\Application Data\Temp
Supprimé! C:\WINDOWS\regedit.com
Supprimé! C:\Recycler\S-1-5-21-1606980848-1563985344-854245398-1004
Supprimé! D:\Recycler\S-1-5-21-1606980848-1563985344-854245398-1004
Supprimé! D:\Recycler\S-1-5-21-725345543-796845957-1417001333-1004
Supprimé! G:\autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{05b3b5a8-4964-11df-970a-806d6172696f}

################## | Listing |

[13/04/2010 - 09:43:31 | N | 0] 	C:\AUTOEXEC.BAT
[07/06/2012 - 20:29:23 | N | 1012] 	C:\bdlog.txt
[16/04/2010 - 15:09:35 | N | 228] 	C:\boot.ini
[14/04/2008 - 14:00:00 | N | 4952] 	C:\Bootfont.bin
[18/08/2010 - 10:18:22 | D ] 	C:\c3d5df414f55da3ec116dc8c
[13/04/2010 - 09:43:31 | N | 0] 	C:\CONFIG.SYS
[13/04/2010 - 09:57:45 | D ] 	C:\Documents and Settings
[07/06/2012 - 20:42:40 | ASH | 1878167552] 	C:\hiberfil.sys
[13/04/2010 - 09:43:31 | N | 0] 	C:\IO.SYS
[05/06/2012 - 15:57:44 | N | 9615] 	C:\locked-chewystewy.zip.hprc
[05/06/2012 - 16:01:44 | N | 1222] 	C:\locked-INSTALL.LOG.pgcl
[05/06/2012 - 16:01:44 | N | 245760] 	C:\locked-Mag_Coffrets-070410.exe.yrpr
[05/06/2012 - 16:02:13 | N | 2004] 	C:\locked-RHDSetup.log.ifjr
[05/06/2012 - 16:02:21 | N | 162304] 	C:\locked-UNWISE.EXE.jgmi
[05/06/2012 - 16:01:44 | D ] 	C:\Mag_Coffrets
[13/04/2010 - 09:43:31 | N | 0] 	C:\MSDOS.SYS
[07/06/2012 - 20:32:37 | RHD ] 	C:\MSOCache
[14/04/2008 - 14:00:00 | N | 47564] 	C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | N | 252240] 	C:\ntldr
[07/06/2012 - 20:42:39 | ASH | 2145386496] 	C:\pagefile.sys
[07/06/2012 - 20:40:52 | D ] 	C:\Program Files
[07/06/2012 - 21:37:49 | N | 2822] 	C:\RannohDecryptor.1.1.0.0_07.06.2012_21.25.43_log.txt
[07/06/2012 - 21:40:56 | SHD ] 	C:\RECYCLER
[03/06/2010 - 16:48:54 | D ] 	C:\Softwarenetz
[05/06/2012 - 16:08:57 | SHD ] 	C:\System Volume Information
[03/01/2012 - 17:56:08 | D ] 	C:\Temp
[05/06/2012 - 16:02:17 | D ] 	C:\TransfertFTP
[07/06/2012 - 21:40:56 | D ] 	C:\UsbFix
[07/06/2012 - 21:41:59 | A | 4702] 	C:\UsbFix.txt
[05/06/2012 - 16:02:21 | D ] 	C:\Wallpaper
[07/06/2012 - 21:40:54 | D ] 	C:\WINDOWS
[05/06/2012 - 15:58:33 | D ] 	D:\Autobackup - Standard - 12-04-2010
[05/06/2012 - 15:58:43 | D ] 	D:\autobackup-win
[06/06/2012 - 10:02:43 | D ] 	D:\c1157bc8be03447c5ee8
[10/07/2009 - 13:01:00 | D ] 	D:\Documents and Settings
[05/06/2012 - 15:59:56 | D ] 	D:\electre
[06/06/2012 - 22:43:25 | D ] 	D:\Kaspersky Rescue Disk 10.0
[08/08/2009 - 11:38:57 | N | 1293] 	D:\Raccourci vers Catherine.lnk
[07/06/2012 - 21:40:56 | SHD ] 	D:\RECYCLER
[05/06/2012 - 16:43:04 | SHD ] 	D:\System Volume Information
[07/06/2012 - 20:13:12 | D ] 	F:\Microsoft Office 2007
[07/06/2012 - 20:27:00 | N | 250] 	F:\autorun_disable.reg
[07/06/2012 - 20:28:50 | N | 2082630] 	F:\MyDefrag-v4.3.1.exe
[06/06/2012 - 23:55:48 | D ] 	G:\[BOOT]
[07/12/2011 - 12:20:52 | D ] 	G:\HBCD
[07/12/2011 - 13:42:16 | N | 3625] 	G:\changes.txt
[07/12/2011 - 13:42:16 | N | 35750] 	G:\DefaultKeyboardPatch.zip
[07/12/2011 - 13:42:16 | N | 272799] 	G:\grldr
[07/12/2011 - 13:42:16 | N | 46942] 	G:\HBCD.txt
[07/12/2011 - 13:42:16 | N | 465] 	G:\HBCDMenu.cmd
[07/12/2011 - 13:42:16 | N | 5411] 	G:\menu.lst
[07/06/2012 - 17:37:46 | N | 232648464] 	G:\bitdefender-antivirus-plus-2012_bitdefender_antivirus_plus_2012_francais_35804.exe

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PLEIN-A8CEBD639.zip
http://eldesaparecido.com/upload.php
Merci de votre contribution.

################## | E.O.F |


RogueKiller report
RogueKiller V7.5.4 [07/06/2012]  par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Plein Ciel [Droits d'admin]
Mode: Recherche -- Date: 07/06/2012 21:45:18

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1       localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 8e334ae67421899b16932935052932fb
[BSP] 3215ba1b83e2d2468f1c5d00b3562496 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40954 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 83875365 | Size: 111670 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] f481a9f5281a973660265cadd5607292
[BSP] a32bd0d0bfcc9e1e8beb5747926af13e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: MIMOBOT USB Device +++++
--- User ---
[MBR] c21f33c059ab6a065fab7b056f663a6b
[BSP] f9940f9b37c54a891ac90bd562cb36d6 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 3863 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>
RKreport[1].txt


OTL report
<code>OTL logfile created on: 07/06/2012 22:05:25 - Run 1
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Documents and Settings\Plein Ciel\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,75 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 58,16% Memory free
3,60 Gb Paging File | 2,99 Gb Available in Paging File | 83,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,99 Gb Total Space | 20,96 Gb Free Space | 52,40% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 104,99 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive F: | 3,84 Gb Total Space | 3,30 Gb Free Space | 85,99% Space Free | Partition Type: FAT32
Drive G: | 3,77 Gb Total Space | 3,06 Gb Free Space | 81,26% Space Free | Partition Type: FAT32

Computer Name: PLEIN-A8CEBD639 | User Name: Plein Ciel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 22:04:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Plein Ciel\Mes documents\Téléchargements\OTL.exe
PRC - [2012/06/07 20:44:36 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2012/06/07 20:43:57 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2012/06/07 20:43:57 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2012/06/07 20:43:26 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2012/06/01 17:37:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/10 11:48:14 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE
PRC - [2009/08/10 11:48:14 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMA32.EXE
PRC - [2009/08/10 11:48:12 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSHDLL32.EXE
PRC - [2009/08/10 11:47:10 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2009/08/10 11:46:10 | 000,219,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/11 20:19:44 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 20:44:29 | 000,030,888 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2012/06/07 20:43:57 | 000,768,712 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\fm4av.dll
MOD - [2012/06/01 17:37:31 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2010/01/27 03:07:32 | 003,884,312 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/08/10 11:48:02 | 000,236,128 | ---- | M] () -- \\?\c:\program files\f-secure\hips\fsumi.dll
MOD - [2009/08/10 11:48:00 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure\hips\fshook32.dll
MOD - [2009/08/10 11:46:48 | 000,081,920 | ---- | M] () -- C:\Program Files\F-Secure\FSGUI\strres.eng
MOD - [2009/08/10 11:46:36 | 000,920,160 | ---- | M] () -- C:\Program Files\F-Secure\FSGUI\gres.dll
MOD - [2009/08/10 11:46:30 | 000,045,056 | ---- | M] () -- C:\Program Files\F-Secure\FSGUI\fsavures.eng
MOD - [2009/08/10 11:46:24 | 000,838,240 | ---- | M] () -- C:\Program Files\F-Secure\FSGUI\about.dll
MOD - [2009/08/10 11:46:24 | 000,088,672 | ---- | M] () -- C:\Program Files\F-Secure\FSGUI\aboutres.dll
MOD - [2009/08/10 11:46:10 | 000,036,864 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\fsavhres.eng
MOD - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2009/07/23 17:23:48 | 000,436,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2009/07/23 17:23:08 | 000,068,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/07 20:43:26 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012/06/01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/03 09:52:46 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/10 11:48:14 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/10 11:47:10 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/10 11:46:10 | 000,219,744 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/12/23 15:52:44 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 14:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/12/11 20:19:44 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DRIVER\Audio\winio.sys -- (WINIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/07 20:46:49 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/06/07 20:44:29 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/23 21:58:18 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/12/08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/12/08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/12/08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/12/08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/03 10:16:34 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/18 11:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/10 11:48:02 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/10 11:47:10 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/08/10 11:46:12 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/10 11:46:12 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/07/01 05:53:34 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 05:53:30 | 000,066,688 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 11:31:00 | 000,164,896 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/08/05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 14:00:00 | 000,800,256 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 14:00:00 | 000,154,496 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 14:00:00 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 14:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2008/04/14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2008/04/14 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2008/04/13 20:55:34 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/18 04:46:34 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/03/01 18:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/23 10:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2003/04/24 17:48:02 | 000,730,092 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/03/15 02:17:00 | 002,022,591 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2002/03/15 02:17:00 | 000,426,542 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) Intel(R)
DRV - [2002/03/15 02:17:00 | 000,015,359 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.bing.com/spresults.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\..\SearchScopes,DefaultScope = {ad7269a0-43f9-43e3-894b-3f34bcd3a64b}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ad7269a0-43f9-43e3-894b-3f34bcd3a64b}: "URL" = https://www.hugedomains.com/domain_profile.cfm?d=iadah&e=com{searchTerms}
IE - HKCU\..\SearchScopes\{F81F00CB-E7A6-498F-A3F8-D145161C11C3}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 20:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/06/07 20:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Plein Ciel\Application Data\Mozilla\Extensions
[2012/06/07 20:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 20:15:03 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/06/01 20:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 20:15:03 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/06/01 20:15:03 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/06/01 20:15:03 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/06/01 20:15:03 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/06/07 21:46:03 | 000,000,782 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKCU\..Trusted Domains: mappy.com ([]http in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([]http in Sites de confiance)
O15 - HKCU\..Trusted Domains: voila.fr ([rw.search.ke] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: weborama.fr ([orange] http in Sites de confiance)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271424794531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271160955971 (MUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_2_0.cab (Ma-Config control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98368638-ED9E-4078-9D72-30977479A2AE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4677CBF-B114-4F57-A4A4-45821D6B1B11}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 09:43:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/06/07 21:42:01 | 000,000,000 | R-SD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/06/05 15:58:33 | 000,000,000 | ---D | M] - D:\Autobackup - Standard - 12-04-2010 -- [ NTFS ]
O32 - AutoRun File - [2012/06/05 15:58:43 | 000,000,000 | ---D | M] - D:\autobackup-win -- [ NTFS ]
O32 - AutoRun File - [2012/06/07 21:42:01 | 000,000,000 | R-SD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/06/07 20:27:00 | 000,000,250 | ---- | M] () - F:\autorun_disable.reg -- [ FAT32 ]
O32 - AutoRun File - [2012/06/07 21:42:02 | 000,000,000 | R-SD | M] - F:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012/06/07 21:42:04 | 000,000,000 | R-SD | M] - G:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 21:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Application Data\Malwarebytes
[2012/06/07 21:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/06/07 21:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/07 21:57:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/07 21:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/07 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/06/07 21:49:23 | 000,000,000 | ---D | C] -- C:\rsit
[2012/06/07 21:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Bureau\RK_Quarantine
[2012/06/07 21:42:01 | 000,000,000 | R-SD | C] -- C:\Autorun.inf
[2012/06/07 21:39:47 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012/06/07 20:53:44 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedit.exe
[2012/06/07 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\F-Secure Anti-Virus 2010
[2012/06/07 20:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2012/06/07 20:41:24 | 000,080,000 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2012/06/07 20:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2012/06/07 20:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2012/06/07 20:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/06/07 20:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office
[2012/06/07 20:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Mes documents\Téléchargements
[2012/06/07 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/06/07 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/07 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
[2012/06/07 20:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/06/07 20:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/06/07 20:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\Microsoft Help
[2012/06/07 20:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/06/07 20:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\Mozilla
[2012/06/07 20:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Application Data\Mozilla
[2012/06/07 20:32:37 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/06/07 20:31:46 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.exe
[2012/06/07 20:31:46 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.scr
[2012/06/07 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2012/06/07 20:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MyDefrag v4.3.1
[2012/06/07 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/06/07 20:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/07 20:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/07 20:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/07 20:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/07 20:27:13 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/06/07 20:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureau
[2012/06/05 15:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\iyqlpksa
[2012/05/30 15:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Orange
[2012/05/30 15:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Securitoo
[2012/05/30 15:37:19 | 000,065,536 | ---- | C] (France Telecom SA) -- C:\WINDOWS\System32\Autodial2000.dll
[2012/05/30 15:37:17 | 000,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\w32n50.dll
[2012/05/30 15:37:17 | 000,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys
[2012/05/30 15:37:17 | 000,032,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcandis5.sys
[2012/05/30 15:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\OrangeHSS
[2012/05/30 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\France Telecom
[2012/05/30 15:33:48 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2012/05/30 15:33:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll

========== Files - Modified Within 30 Days ==========

[2012/06/07 22:00:00 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 21:53:19 | 000,236,466 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/06/07 21:53:13 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 21:53:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/07 21:53:03 | 1878,167,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 21:46:03 | 000,000,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/07 21:42:02 | 000,180,993 | ---- | M] () -- C:\UsbFix_Upload_Me_PLEIN-A8CEBD639.zip
[2012/06/07 20:46:49 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/06/07 20:44:09 | 000,516,510 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/06/07 20:44:09 | 000,447,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/07 20:44:09 | 000,088,380 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/06/07 20:44:09 | 000,074,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/07 20:42:45 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/07 20:42:40 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/07 20:30:40 | 000,102,085 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1339093751.bdinstall.bin
[2012/06/07 20:30:25 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{605A8D75-41A8-4CCF-BE97-8174A5F5C468}.job
[2012/06/07 20:30:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/07 20:28:24 | 000,238,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1009888542.bdinstall.bin
[2012/06/07 20:27:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 20:27:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/07 20:27:00 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Bureau\autorun_disable.reg
[2012/06/05 16:02:21 | 000,162,304 | ---- | M] () -- C:\locked-UNWISE.EXE.jgmi
[2012/06/05 16:01:44 | 000,245,760 | ---- | M] () -- C:\locked-Mag_Coffrets-070410.exe.yrpr
[2012/06/05 16:01:44 | 000,015,428 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\locked-RefEdit.exd.jxyi
[2012/06/05 16:01:43 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette TOUR DE FRANCE.pub.vlkl
[2012/06/05 16:01:43 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette musique.pub.hlqk
[2012/06/05 16:01:43 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquettejeunesse.pub.ikpw
[2012/06/05 16:01:43 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette rennes.pub.smfu
[2012/06/05 16:01:43 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiquettes a la découverte.pub.ndph
[2012/06/05 16:01:42 | 000,197,120 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette LOISIRS CREATIFS PAQUES.pub.sifp
[2012/06/05 16:01:42 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette LOISIRS CREATIFS.pub.wdhp
[2012/06/05 16:01:42 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette MARRIANE 2.pub.irjx
[2012/06/05 16:01:42 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette MARRIANE.pub.ljxw
[2012/06/05 16:01:42 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette fete des pères.pub.ndry
[2012/06/05 16:01:41 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-vlc-1.1.11-win32.exe.ylkr
[2012/06/05 16:01:41 | 019,657,194 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-vlc-1.1.4-win32.exe.rqxn
[2012/06/05 16:01:41 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-étiiquette cuisine.pub.guym
[2012/06/05 16:01:41 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-vitrine bd fantasy.pub.rmxl
[2012/06/05 16:01:41 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-texte gallimard.pub.rrlz
[2012/06/05 16:01:27 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-PORTE.pub.jvlc
[2012/06/05 16:01:26 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-PLANTE.pub.bfrq
[2012/06/05 16:00:01 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-heroic fantaisy.pub.sprp
[2012/06/05 16:00:01 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-interdiction de manger.pub.olpe
[2012/06/05 16:00:01 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-il a lu.pub.wrio
[2012/06/05 16:00:00 | 015,231,488 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-eragon t4.pub.pspx
[2012/06/05 16:00:00 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ETIQUETTE ETE.pub.lxum
[2012/06/05 16:00:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-Etiquettes coup de coeur.pub.yimd
[2012/06/05 16:00:00 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ETIQUETTE kangourou.pub.kytr
[2012/06/05 16:00:00 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes the queen 2.pub.dacr
[2012/06/05 16:00:00 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes écrivains voyageurs 2.pub.eglh
[2012/06/05 16:00:00 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ETIQUETTE.pub.tzbx
[2012/06/05 16:00:00 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ETIQUETTE oeufs 2.pub.nsom
[2012/06/05 16:00:00 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ETIQUETTE SPORT.pub.ovzb
[2012/06/05 16:00:00 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes the queen.pub.nsto
[2012/06/05 16:00:00 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ETIQUETTE oeufs.pub.wfag
[2012/06/05 16:00:00 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes écrivains voyageurs.pub.rpbe
[2012/06/05 16:00:00 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-fermeture 18 h 45.pub.brit
[2012/06/05 15:59:59 | 005,766,144 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-ERAGON T4 2.pub.izdj
[2012/06/05 15:59:59 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-elle a lu.pub.exim
[2012/06/05 15:59:57 | 001,177,600 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-coup de coeur.pub.yrmh
[2012/06/05 15:59:57 | 000,284,160 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-COUP DE COEUR X 4 poche.pub.fmvp
[2012/06/05 15:59:57 | 000,274,944 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-COUP DE COEUR X 4 poche 2.pub.kybu
[2012/06/05 15:59:57 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-damien.pub.derj
[2012/06/05 15:59:55 | 001,959,936 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-Compositionrentree.pub.eoyv
[2012/06/05 15:59:55 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-Composition2.pub.fzvy
[2012/06/05 15:59:54 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-Composition COUP DE COEUR.pub.xvgm
[2012/06/05 15:59:54 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-chocolats rouge papille.pub.bmre
[2012/06/05 15:58:45 | 000,341,504 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-CARTE LOGO avec adresse.pub.maup
[2012/06/05 15:58:45 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-CARTES VOEUX 2011.pub.ubys
[2012/06/05 15:58:43 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-affiche paques.pub.uotm
[2012/06/05 15:58:43 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-25 février 2012.pub.nwrp
[2012/06/05 15:58:43 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-17 mars 2012.pub.lymg
[2012/06/05 15:58:43 | 000,028,651 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-1842756307_small_1.jpg.dvmf
[2012/06/05 15:58:39 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Bureau\locked-Sofia.url.nefw
[2012/06/05 15:57:51 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Bureau\locked-Mag_Coffrets_cadeaux.appref-ms.etfx
[2012/06/05 15:57:44 | 000,009,615 | ---- | M] () -- C:\locked-chewystewy.zip.hprc
[2012/05/31 15:22:03 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/18 15:34:37 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/07 21:42:02 | 000,180,993 | ---- | C] () -- C:\UsbFix_Upload_Me_PLEIN-A8CEBD639.zip
[2012/06/07 20:49:50 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Bureau\autorun_disable.reg
[2012/06/07 20:41:39 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/06/07 20:30:40 | 000,102,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1339093751.bdinstall.bin
[2012/06/07 20:30:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/07 20:30:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2012/06/07 20:28:24 | 000,238,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1009888542.bdinstall.bin
[2012/06/07 20:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 20:27:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/05 16:08:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/19 11:48:50 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes écrivains voyageurs 2.pub.eglh
[2012/05/19 11:45:27 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes écrivains voyageurs.pub.rpbe
[2012/05/12 19:19:16 | 001,505,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/10 16:53:58 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes the queen 2.pub.dacr
[2012/05/10 16:51:36 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-etiquettes the queen.pub.nsto
[2012/02/16 08:45:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/07 10:56:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/09/08 13:59:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe

========== LOP Check ==========

[2012/06/07 20:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2010/04/14 17:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/23 12:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/14 11:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/29 14:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/12/14 11:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/07/29 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/06/07 20:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/06/07 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/04/16 15:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/04/14 16:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2012/01/03 17:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/04/13 11:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2002/01/01 14:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plein Ciel\Application Data\Auslogics
[2010/04/14 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plein Ciel\Application Data\Canneverbe Limited
[2010/07
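As an added example (not code from the thread, from OTL or from Pre_Scan), a Python triage helper that parses the OTL file entries in the report above, recovers the original file names behind the `locked-...` entries (useful when an encrypted file has to be paired with an intact copy from a backup) and flags the randomly named artifacts under Application Data; the 8-lowercase-letter artifact rule and the OTL-format line for evjtucpd.log are assumptions.

```python
"""Triage of OTL file entries from the 'gendarmerie' ransomware case above.
Added example; not code from the thread, from OTL or from Pre_Scan. Assumed:
the 8-lowercase-letter artifact rule and the constructed evjtucpd.log line."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file/folder line: [date | size | attrs | C/M] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Ransomware naming seen in the report: locked-<name>.<ext>.<4 random letters>
LOCKED_NAME = re.compile(r"^locked-(?P<orig>.+)\.[a-z]{4}$")
# Heuristic (assumption): 8 random lowercase letters, optionally with .log
RANDOM_NAME = re.compile(r"^[a-z]{8}(\.log)?$")


@dataclass
class Entry:
    size: int               # bytes, thousands separators removed
    attrs: str              # e.g. "---D" directory, "-HS-" hidden+system
    company: Optional[str]  # None when OTL printed "()" or nothing at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)


@dataclass
class LockedFile:
    path: str
    original: str   # name before the ransomware renamed it
    size: int


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/folder line, None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(int(m.group("size").replace(",", "")), m.group("attrs"),
                 m.group("company") or None, m.group("path"))


def original_name(basename: str) -> Optional[str]:
    """'locked-vlc-1.1.11-win32.exe.ylkr' -> 'vlc-1.1.11-win32.exe'; else None."""
    m = LOCKED_NAME.match(basename)
    return m.group("orig") if m else None


def looks_random_artifact(entry: Entry) -> bool:
    """Random 8-letter name directly under an 'Application Data' folder."""
    parent = ntpath.basename(ntpath.dirname(entry.path))
    return parent.lower() == "application data" and bool(RANDOM_NAME.match(entry.name))


def triage(lines: List[str]) -> Tuple[List[LockedFile], List[str]]:
    """Collect (locked files, suspicious artifact paths) from OTL lines."""
    locked: List[LockedFile] = []
    artifacts: List[str] = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        orig = original_name(entry.name)
        if orig is not None and not entry.is_dir:
            locked.append(LockedFile(entry.path, orig, entry.size))
        elif looks_random_artifact(entry):
            artifacts.append(entry.path)
    return locked, artifacts


# Lines copied from the OTL report above; the last one is constructed.
SAMPLE_REPORT = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"[2012/06/07 21:57:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2012/06/05 15:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\iyqlpksa",
    r"[2012/06/07 21:53:03 | 1878,167,552 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2012/06/05 16:02:21 | 000,162,304 | ---- | M] () -- C:\locked-UNWISE.EXE.jgmi",
    r"[2012/06/05 16:01:41 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Mes documents\locked-vlc-1.1.11-win32.exe.ylkr",
    r"[2012/06/05 15:58:39 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Plein Ciel\Bureau\locked-Sofia.url.nefw",
    # constructed: path taken from the Pre_Scan script below, metadata invented
    r"[2012/06/05 15:55:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\evjtucpd.log",
]

if __name__ == "__main__":
    locked, artifacts = triage(SAMPLE_REPORT)
    for f in locked:
        print(f"{f.original:<24} {f.size:>10}  {f.path}")
    print(f"{len(locked)} locked files, {sum(f.size for f in locked)} bytes, artifacts: {artifacts}")
```

Run against the full report, the locked list gives the original names and extensions to look for in backups, and the artifact list is what to cross-check against the paths a cleaning script proposes to delete.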

4 replies

Anonymous user
8 June 2012 at 02:24
Hi,

Disable all your protections if possible: antivirus, sandbox, etc.

Download and save Pre_Scan to your desktop:

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Warning: the desktop will disappear during the scan --> don't panic.

Once downloaded, run it and let the scan run until "Pre_scan_la_date_et_l'heure.txt" appears on the desktop.

If the tool has been run several times it will offer you a menu; if no option has been requested, run the "Kill" option.

If the tool is blocked by the infection, use this version with a .pif extension:

http://forums-fec.be/gen-hackman/Pre_Scan.pif

or this version renamed winlogon.exe:

http://forums-fec.be/gen-hackman/winlogon.exe

If the tool detects a proxy and you did not install one, click "supprimer le proxy" (remove the proxy).

A lot of black windows may flash; let it work.

Post Pre_Scan_la_date_et_l'heure.txt, which will appear on the desktop at the end of the scan.


DO NOT POST IT ON THE FORUM!!! (it is too long)

Host the report on http://pjjoint.malekal.com and then give the link you get in return on the forum where you are being helped.
0
Sty_x Posts: 47 Registration date: Thursday 11 February 2010 Status: Member Last post: 7 March 2023 84
8 June 2012 at 18:48
0
Sty_x Posts: 47 Registration date: Thursday 11 February 2010 Status: Member Last post: 7 March 2023 84
9 June 2012 at 11:28
Any idea?
0
Anonymous user
11 June 2012 at 21:17
Select all the bold text below, without the lines above and below it, then copy it (right-click/copy or Ctrl+C):
___________________________________________________
Kill::

Registry::
[-HKU\S-1-5-21-1606980848-1563985344-854245398-1004\Software\Microsoft\Internet Explorer\SearchScopes\{ad7269a0-43f9-43e3-894b-3f34bcd3a64b}]
[-HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[-HKLM\Software\BrowserChoice]

File::
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\evjtucpd.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\granhbtg.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\hdsdmkte.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\nglopjnj.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\pxulmjfc.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\qotynmab.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\swpdwjom.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\rgipbmhp.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\twfsuqod.log
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\wpdkdfxh.log

Folder::
C:\Documents and Settings\Plein Ciel\Application Data\xmkkq1rg3wjtpjglfxhdvrrkwxmdajbr2
C:\Documents and Settings\Plein Ciel\Local Settings\Application Data\iyqlpksa

MBR::

clean::

Reboot::

___________________________________________________

Run Pre_Scan again, then choose the "Script" option.

A page will open.

Normally the text you selected is already there, so just close it and the program will start working.

Otherwise paste it (right-click/paste or Ctrl+V) into the blank page.

Then File menu => Save (not Save As...), then close the text.

Black windows may flash; that is normal, it is the program working.

Post Pre_Script.txt, which will appear on the desktop when it finishes.

===================

▶ Download UsbFix (created by El Desaparecido) to your Desktop.

▶ If your antivirus shows an alert, ignore it and temporarily disable the antivirus.
Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
▶ Double-click UsbFix.exe.

▶ Click Suppression (deletion).
▶ Let the tool work.

▶ At the end of the scan, a report will be displayed; post it in your next reply on the forum.

▶ The report is also saved at the root of the system drive ( C:\UsbFix.txt ).
Video tutorial

=====================

Follow this tutorial!

https://forums.cnetfrance.fr/tutoriels-securite-informatique/179557-dr-web-cureit-le-tutoriel
0