Il y a actuellement 598 visiteurs
Dimanche 22 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

envoi de mails automatique (zombie pc)

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

envoi de mails automatique (zombie pc)

Message le 19 Déc 2010 08:58

Bonjour, mon pc envoie des mails automatiquement ! ci-joint le rapport hijackthis, d'avance merci pour votre aide.


Code: Tout sélectionner
        Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:08, on 19/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: ,RemoveFocusRect.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6842 bytes
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 


Re: envoi de mails automatique (zombie pc)

Message le 19 Déc 2010 09:09

Salut ricus68 & bienvenue sur PCI!

Applique dans un premier temps cette procédure :
preparer-demande-aide-desinfection-vt-54149.html

Poste les rapports ici que je voye cela de plus prés! :wink:
Avatar de l'utilisateur
danakil
Expert(e)
Expert(e)
 
Messages: 1363
Inscription: 16 Juil 2009 09:47
 

Re: envoi de mails automatique (zombie pc)

Message le 19 Déc 2010 13:09

Merci pour l'accueil, je vais appliquer la procédure et je tiens le forum au courant de la suite, à plus, Ricus.
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 20 Déc 2010 14:36

Bonjour, je poste les rapports :

Code: Tout sélectionner
  OTL logfile created on: 20/12/2010 14:21:12 - Run 1
OTL by OldTimer - Version 3.2.17.4     Folder = G:\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 170,00 Mb Available Physical Memory | 33,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,63 Gb Free Space | 38,41% Space Free | Partition Type: NTFS
Drive G: | 22,61 Gb Total Space | 3,46 Gb Free Space | 15,31% Space Free | Partition Type: NTFS
 
Computer Name: LE_MIEN | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/12/20 14:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Téléchargements\OTL.exe
PRC - [2010/12/20 13:16:52 | 000,521,141 | ---- | M] () -- C:\UsbFix\UsbFix.exe
PRC - [2010/12/12 15:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 15:04:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/25 10:43:44 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/25 10:41:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 10:41:02 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/23 20:11:00 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/11/03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010/08/01 07:32:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/14 11:49:48 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/14 11:49:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/14 11:49:21 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/07/14 11:49:20 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/07/14 11:49:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/14 11:48:59 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/11/13 11:59:54 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/13 11:57:42 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/10/15 09:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2008/10/17 13:25:42 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/29 14:51:30 | 000,815,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
PRC - [2007/06/11 10:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/05/30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/07/07 17:45:00 | 001,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/12/20 14:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Téléchargements\OTL.exe
MOD - [2007/01/23 21:14:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\RemoveFocusRect.dll
MOD - [2006/07/07 17:12:46 | 000,086,528 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SC2Hook.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (DfSdkS)
SRV - [2010/11/25 10:41:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/08/01 07:32:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/14 11:49:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/14 11:49:20 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/22 16:04:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 08:11:08 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/13 11:57:42 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/13 11:53:42 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 13:25:42 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/05/30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/07/14 11:49:55 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/14 11:49:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/14 11:49:24 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/14 11:49:24 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/14 11:49:24 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/14 11:49:24 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/14 11:49:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/03 16:42:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/03 16:42:23 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/04/03 16:42:23 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/03/04 15:22:12 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2010/02/11 11:47:29 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/05/23 00:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/05 08:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2009/04/16 10:33:31 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/02/29 11:12:34 | 000,037,008 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 11:12:28 | 000,035,472 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/10/25 08:20:40 | 000,270,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/05/30 13:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 13:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/10/22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/11 17:10:11 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005/04/21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/07/02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: support@easy-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.6
FF - prefs.js..network.proxy.share_proxy_settings: true
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 15:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 15:04:34 | 000,000,000 | ---D | M]
 
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/20 12:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions
[2010/11/24 14:56:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/01 06:37:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 15:50:01 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/12/05 09:19:58 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/12/05 09:11:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/11 15:11:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/05 09:09:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/03/04 07:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\newtaburl@sogame.cat
[2010/03/09 15:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\support@easy-hideip.com
[2010/01/20 12:16:46 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\searchplugins\conduit.xml
[2010/12/20 12:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/25 21:06:47 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/25 21:06:47 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/25 21:06:47 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/11/25 21:06:47 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/11/25 21:06:47 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/03/22 16:44:15 | 000,002,170 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKLM..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-73586283-162531612-682003330-500\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (RemoveFocusRect.dll) - C:\WINDOWS\System32\RemoveFocusRect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/02 20:10:01 | 000,000,028 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:06 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:09 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (BtDfSDK) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/12/20 14:18:06 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/12/20 14:17:29 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/12/19 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WMTools Downloaded Files
[2010/12/19 13:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos
[2010/12/19 08:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/19 07:52:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/12/16 17:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO
[2010/12/15 14:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2010/12/15 14:22:42 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2010/12/15 14:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/12/15 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2010/12/11 14:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/11 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/12/07 10:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/12/05 08:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[2010/11/26 18:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2010/11/24 08:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Thunderbird
[2010/11/24 08:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2010/11/24 08:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/11/23 18:59:04 | 000,270,720 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTL8187B.sys
[2010/11/23 18:59:04 | 000,270,720 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System\rtl8187B.sys
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/12/20 13:56:35 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/12/20 12:01:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/12/20 11:52:10 | 069,114,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/20 11:39:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/20 11:38:49 | 000,065,578 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/20 11:37:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/19 08:50:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/18 09:34:18 | 000,639,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/12/16 17:47:36 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/15 14:22:51 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2010/12/09 18:07:07 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/07 10:42:36 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/05 08:58:08 | 000,000,050 | ---- | M] () -- C:\WINDOWS\Megakey.INI
[2010/12/03 14:38:31 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro 2.5.lnk
[2010/11/27 16:03:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[2010/11/26 18:42:39 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Malware Remover.lnk
[2010/11/26 18:42:39 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\NoVirusThanks Malware Remover.lnk
[2010/11/24 14:57:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/11/23 18:59:29 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk
[2010/11/21 15:09:28 | 000,500,872 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/21 15:09:28 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/21 15:09:28 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/21 15:09:28 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/12/19 08:50:53 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/16 17:47:36 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/15 14:22:51 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2010/12/07 10:42:36 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/07 10:42:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/12/05 08:58:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Megakey.INI
[2010/12/04 08:08:09 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[2010/11/27 16:03:09 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/11/26 18:42:39 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Malware Remover.lnk
[2010/11/26 18:42:39 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\NoVirusThanks Malware Remover.lnk
[2010/11/24 14:57:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/11/23 18:59:29 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk
[2010/04/09 16:57:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/03/16 22:43:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/03/03 20:18:46 | 000,035,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2010/02/08 17:07:54 | 000,032,256 | ---- | C] () -- C:\WINDOWS\avsredirect.dll
[2010/01/08 20:45:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/12/07 19:17:27 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\burnaware.ini
[2009/09/28 10:36:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/22 20:46:51 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/16 17:38:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\RemoveFocusRect.dll
[2009/04/16 12:53:20 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/04/16 11:51:49 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/16 11:12:30 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 10:44:25 | 000,000,473 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/16 10:44:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/16 10:41:15 | 000,031,831 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 10:26:56 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2009/04/16 10:17:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/04/16 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
[2010/03/04 15:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Acronis
[2010/03/27 09:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ashampoo
[2010/03/02 14:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Auslogics
[2010/12/11 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/04/02 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheckPoint
[2010/02/25 22:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheeseSoft
[2010/03/07 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Copernic
[2010/02/08 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CoyoteReplay
[2010/02/17 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Delete Cookie
[2010/03/07 20:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Faces
[2010/03/24 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2010/12/15 14:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2010/03/09 15:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HideIPEasy
[2010/02/19 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Megaupload
[2009/04/16 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Micro Application
[2010/03/27 12:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mipony
[2010/03/03 20:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Morpheus Software
[2010/03/29 18:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
[2010/04/04 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\QUAD Backups
[2009/10/06 16:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
[2010/05/11 19:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2010/03/24 22:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\thecleaner
[2010/11/24 08:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2009/04/16 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2010/03/27 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
[2010/04/20 07:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WNR
[2010/01/15 17:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\XnView
[2009/04/16 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/03/04 15:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/01 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/27 09:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/04/04 14:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/11 14:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/05/11 20:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDRWIN 8
[2010/12/15 14:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/20 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideIPEasy
[2010/03/07 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/05/11 20:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/01/10 08:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2010/04/24 08:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/11 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/17 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/20 07:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2010/08/28 07:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/16 13:48:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/17 20:40:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/12/05 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[2010/02/18 08:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010/04/04 14:33:08 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/03/01 12:10:16 | 000,000,534 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job
[2010/12/20 12:40:25 | 000,032,410 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


Code: Tout sélectionner
 OTL Extras logfile created on: 20/12/2010 14:21:12 - Run 1
OTL by OldTimer - Version 3.2.17.4     Folder = G:\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 170,00 Mb Available Physical Memory | 33,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,63 Gb Free Space | 38,41% Space Free | Partition Type: NTFS
Drive G: | 22,61 Gb Total Space | 3,46 Gb Free Space | 15,31% Space Free | Partition Type: NTFS
 
Computer Name: LE_MIEN | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1" = WahOO
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{10ACC836-F47B-4236-96A5-DF52076EE70A}_is1" = NoVirusThanks Malware Remover 2.7.0.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG 9.0
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CCleaner" = CCleaner
"Cloneur Expert" = Cloneur Expert
"DVD Shrink_is1" = DVD Shrink 3.2
"Glary Utilities_is1" = Glary Utilities Pro 2.21.0.863
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme
"Meteo Fusion _is1" = Meteo Fusion 1.5.9.11
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 CD Ripper_is1" = MP3 CD Ripper 4.01
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetMeter_is1" = NetMeter 1.1.3
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"SFR_Kit" = SFR - Kit de connexion
"StatBar_is1" = StatBar 2.406
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SuperCopier2" = SuperCopier2
"TuneUp Utilities" = TuneUp Utilities
"UltraISO_is1" = UltraISO Premium V9.36
"Unlocker" = Unlocker 1.8.7
"Usbfix" = UsbFix By El Desaparecido & C_XX
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 01/03/2010 06:19:34 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:35 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:36 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:36 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:38 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:39 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:11 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:12 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:13 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:19 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
[ System Events ]
Error - 27/02/2010 11:17:41 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 28/02/2010 03:39:07 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7000
Description = Le service ElbyCDIO Driver n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 28/02/2010 04:03:07 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7000
Description = Le service ElbyCDIO Driver n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 28/02/2010 04:18:49 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 28/02/2010 04:20:24 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01/03/2010 06:18:47 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7022
Description = Le service avast! Antivirus est en attente de démarrage.
 
Error - 01/03/2010 06:18:47 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7000
Description = Le service ElbyCDIO Driver n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 01/03/2010 07:41:19 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01/03/2010 07:42:58 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01/03/2010 07:43:21 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >


Merci...
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 20 Déc 2010 18:11

Salut!

Tu as un joli locataire sur ton PC que l'on identifie sous le terme générique de RootKit.
Un RootKit est un Malware (virus, programme) qui agit furtivement pour pirater tes connexions ou alors utiliser tes connexions pour infester d'autres PC. Il installe aussi d'autres logiciels à ton insu ...

On va vérifier cela :
Connecte toi ici --> VirusTotal
> Clique sur la fenêtre Parcourir et recherche dans la fenêtre de ton Windows ce fichier en gras :
C:\WINDOWS\System32\drivers\RKHit.sys

(il se situe sur ta partition C:\, dans Windows et dans System32, tu le trouveras dans la fenêtre de droite)
> Sélectionne-le et clique ensuite sur Ouvrir dans la même fenêtre.
(Automatiquement cette ligne apparaîtra dans la fenêtre Parcourir)
> Clique enfin sur le bouton Send file et laisse le scan en ligne s'effectuer.
> En fin de scan (qui peut prendre plusieurs minutes) tu obtiendras un rapport.
> Copie ce rapport sur ton Bureau > connecte toi ici et poste le moi
Avatar de l'utilisateur
danakil
Expert(e)
Expert(e)
 
Messages: 1363
Inscription: 16 Juil 2009 09:47
 

Re: envoi de mails automatique (zombie pc)

Message le 20 Déc 2010 20:23

Bonsoir, je m'exécute (et merci pour l'aide) :

Code: Tout sélectionner
File already submitted: The file sent has already been analysed by VirusTotal in the past.
 This is same basic info regarding the sample itself and its last analysis:
MD5:   fde1282754cc09e4c4df85aca86fe5c5
Date first seen:   2009-02-09 11:27:51 (UTC)
Date last seen:   2010-09-29 16:40:42 (UTC)
Detection ratio:   0/43

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
RKHit.sys
Submission date:
2010-12-20 19:17:05 (UTC)
Current status:
queued (#151) queued analysing finished
Result:
0/ 43 (0.0%)
   
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus    Version    Last Update    Result
AhnLab-V3   2010.12.20.06   2010.12.20   -
AntiVir   7.11.0.110   2010.12.20   -
Antiy-AVL   2.0.3.7   2010.12.20   -
Avast   4.8.1351.0   2010.12.20   -
Avast5   5.0.677.0   2010.12.20   -
AVG   9.0.0.851   2010.12.20   -
BitDefender   7.2   2010.12.20   -
CAT-QuickHeal   11.00   2010.12.20   -
ClamAV   0.96.4.0   2010.12.20   -
Command   5.2.11.5   2010.12.20   -
Comodo   7130   2010.12.20   -
DrWeb   5.0.2.03300   2010.12.20   -
Emsisoft   5.1.0.1   2010.12.20   -
eSafe   7.0.17.0   2010.12.19   -
eTrust-Vet   36.1.8050   2010.12.20   -
F-Prot   4.6.2.117   2010.12.20   -
F-Secure   9.0.16160.0   2010.12.20   -
Fortinet   4.2.254.0   2010.12.19   -
GData   21   2010.12.20   -
Ikarus   T3.1.1.90.0   2010.12.20   -
Jiangmin   13.0.900   2010.12.20   -
K7AntiVirus   9.73.3296   2010.12.20   -
Kaspersky   7.0.0.125   2010.12.20   -
McAfee   5.400.0.1158   2010.12.20   -
McAfee-GW-Edition   2010.1C   2010.12.20   -
Microsoft   1.6402   2010.12.20   -
NOD32   5718   2010.12.20   -
Norman   6.06.12   2010.12.20   -
nProtect   2010-12-20.01   2010.12.20   -
Panda   10.0.2.7   2010.12.20   -
PCTools   7.0.3.5   2010.12.20   -
Prevx   3.0   2010.12.20   -
Rising   22.78.06.04   2010.12.20   -
Sophos   4.60.0   2010.12.20   -
SUPERAntiSpyware   4.40.0.1006   2010.12.20   -
Symantec   20101.3.0.103   2010.12.20   -
TheHacker   6.7.0.1.103   2010.12.20   -
TrendMicro   9.120.0.1004   2010.12.20   -
TrendMicro-HouseCall   9.120.0.1004   2010.12.20   -
VBA32   3.12.14.2   2010.12.20   -
VIPRE   7732   2010.12.20   -
ViRobot   2010.12.20.4210   2010.12.20   -
VirusBuster   13.6.104.2   2010.12.20   -
Additional information
Show all
MD5   : fde1282754cc09e4c4df85aca86fe5c5
SHA1  : ed81ec1ea664baab7c505505d438f2d63341bd0f
SHA256: 1d74065373f5be07d8d927ae96a685f8a036b167722dd42a7977aaa00d571cd8
ssdeep: 768:Lp5xc53aqYJ2t6LL8np3S9uWKbxLjk8ILplEbc/fLMbz:LpnMaqYJ2cLL8np35Xbxk8ILTE
b0kz
File size : 35520 bytes
First seen: 2009-02-09 11:27:51
Last seen : 2010-12-20 19:17:05
TrID:
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) QiWang Corporation
product......: RKHit
description..: RKHit
original name: RKHit
internal name: RKHit
file version.: 2, 0, 0, 0
comments.....: n/a
signers......: Qiwang Computer
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:29 AM 2/5/2009
verified.....: -
packers (Kaspersky): PE_Patch
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x6385
timedatestamp....: 0x48CF79AC (Tue Sep 16 09:17:32 2008)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x4AB0, 0x4B00, 6.37, 62a8aa7f7ddf4867ec356dd14aad7fa2
.rdata, 0x4F80, 0x2E4, 0x300, 3.83, e958541d1f801eb43098a072ff1fc0da
.data, 0x5280, 0x1090, 0x1100, 0.01, 15800a9c230a2a86476577d9a2d48c09
INIT, 0x6380, 0x95C, 0x980, 5.34, 2a686358bd7d2f9323c5fc4fd43d7092
.rsrc, 0x6D00, 0x2E0, 0x300, 3.01, 368ed489a87b035095dba8505d52e7d5
.reloc, 0x7000, 0x572, 0x580, 6.26, 7d0865f0d3bcc6e87505dbf8dc22247d

[[ 2 import(s) ]]
ntoskrnl.exe: _except_handler3, MmUnlockPages, ObfDereferenceObject, KeUnstackDetachProcess, KeStackAttachProcess, DbgPrint, PsLookupProcessByProcessId, MmIsAddressValid, KeInitializeSpinLock, ObReferenceObjectByName, IoDriverObjectType, RtlInitUnicodeString, ExFreePool, _stricmp, strrchr, ExAllocatePoolWithTag, ZwQuerySystemInformation, IoFileObjectType, ZwClose, ObReferenceObjectByHandle, ZwOpenKey, PsProcessType, IoDeviceObjectType, MmSectionObjectType, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, ZwOpenFile, RtlImageDirectoryEntryToData, NtBuildNumber, RtlAppendUnicodeStringToString, RtlVolumeDeviceToDosName, IoCreateFile, wcscpy, ProbeForRead, IoGetCurrentProcess, KeGetCurrentThread, KeServiceDescriptorTable, ObQueryNameString, ObReferenceObjectByPointer, IoAllocateMdl, PsGetVersion, MmUserProbeAddress, IoThreadToProcess, PsLookupThreadByThreadId, NtGlobalFlag, PsThreadType, IofCallDriver, ZwOpenDirectoryObject, MmGetVirtualForPhysical, MmGetPhysicalAddress, MmSystemRangeStart, IoFreeIrp, KeSetEvent, KeWaitForSingleObject, MmBuildMdlForNonPagedPool, IoAllocateIrp, IoGetBaseFileSystemDeviceObject, KeInitializeEvent, IoGetDeviceObjectPointer, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, swprintf, IoGetConfigurationInformation, ZwTerminateProcess, PsGetCurrentProcessId, KeInsertQueueApc, KeInitializeApc, KeClearEvent, ExfInterlockedInsertTailList, ExfInterlockedRemoveHeadList, IoCreateSynchronizationEvent, MmGetSystemRoutineAddress, IoDeleteDevice, IoDeleteSymbolicLink, RtlInitAnsiString, IofCompleteRequest, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, MmProbeAndLockPages, MmMapLockedPagesSpecifyCache, ObOpenObjectByPointer, IoFreeMdl
HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, KeStallExecutionProcessor

VT Community

0

    This file has never been reviewed by any VT Community member. Be the first one to comment on it! 
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 21 Déc 2010 02:42

Hum!
Pas trés concluant les avis de VirusTotal.

On va fouiller un peu plus loin.

• Télécharge ZHPDiag de Nicolas coolman sur ton Bureau.
• Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut (Coche "Créer une icône sur le bureau")
• Lance ZHPDiag en double cliquant sur l'icône Image présente sur ton Bureau.
[Clique droit -> Exécuter en tant qu'Administrateur ( Vista/seven )]
• Clique sur la loupe en haut à gauche, puis laisse l'outil scanner le PC.
• Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton Bureau.
• Poste le contenu du rapport dans ta prochaine réponse en utilisant ce site : http://www.cijoint.fr/

> ... sur le site de cijoint :
• Clique sur Parcourir pour rechercher le rapport puis sur Cliquez ici pour déposer le fichier
• Copie et colle ici le lien web qui te sera donné.
• Il est de type : http://www.cijoint.fr/cjlink.php?file=c ... 8MD0zB.txt
Avatar de l'utilisateur
danakil
Expert(e)
Expert(e)
 
Messages: 1363
Inscription: 16 Juil 2009 09:47
 

Re: envoi de mails automatique (zombie pc)

Message le 21 Déc 2010 20:27

Bonsoir, voilà un nouveau rapport...

Code: Tout sélectionner
http://www.cijoint.fr/cjlink.php?file=cj201012/cijYeA5OIU.txt


Merci...
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 23 Déc 2010 14:08

Salut,

danakil n'est pas dispo en ce moment, peux-tu faire cela stp...dans l'ordre...

Télécharge >>> AD-Remover <<< ( de C_XX ) sur ton bureau.

- Double-clique sur le fichier AD-R.exe Image pour lancer le tool.

- Pour Vista /Seven faire un cliques droit sur l'icône et choisir "Exécuter en tant qu'administrateur"

- Cliques sur "Nettoyer".

- Ensuite laisse le scan s'effectuer tranquillement sans te servir du PC

- Poste le rapport.txt qui s'ouvre.

au cas ou,le rapport est sauvegarder ici
C:\AD-Report-scan+"date"

Si jamais tu dois relancer AD-R.exe tu devras te servir du raccourci Imagecréer durant son installation

ensuite...

  • Vue que tu as Malwarebytes, met le à jour et fais un scan rapide.
  • Poste moi le rapport stp.

ensuite...

* relance OTL.
* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

C:\WINDOWS\system32\windows32\*.* /s


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapports va s'ouvrir "OTL.Txt"
* Copie et colle le rapport dans ta réponse stp...
* Note: tu n'auras pas de rapport "extrat.txt cette fois ci

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: envoi de mails automatique (zombie pc)

Message le 27 Déc 2010 15:35

Bonjour et merci pour ton aide, voilà les deux nouveux rapports :

Code: Tout sélectionner
 ======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 22/12/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 15:05:54 le 27/12/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Administrateur@LE_MIEN ( )
 
============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.13 (fr)] **

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\fehwkizw.default\Prefs.js --
browser.download.dir, G:\\Téléchargements
browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Bureau
browser.search.defaultenginename, Search the web (Babylon)
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.13
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [7.0.5730.13] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/12/2010 (3501 Octet(s))
C:\Ad-Report-SCAN[2].txt - 27/12/2010 (2322 Octet(s))

Fin à: 15:11:24, 27/12/2010
 
============== E.O.F ==============


Code: Tout sélectionner
  OTL logfile created on: 27/12/2010 15:22:30 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 125,00 Mb Available Physical Memory | 25,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 4,25 Gb Free Space | 28,99% Space Free | Partition Type: NTFS
Drive G: | 22,61 Gb Total Space | 2,69 Gb Free Space | 11,89% Space Free | Partition Type: NTFS
 
Computer Name: LE_MIEN | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\SFR\Kit\9props.exe (SFR)
PRC - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SuperCopier2\SC2Hook.dll (SFX TEAM)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (TlntSvr) -- C:\WINDOWS\System32\tlntsvr.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (DfSdkS) --  File not found
SRV - (scan) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (LIVESRV) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\5C.tmp File not found
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\WINDOWS\system32\DRIVERS\snman380.sys (Acronis)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logicool, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logicool, Inc.)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.12
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: support@easy-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.6
FF - prefs.js..network.proxy.share_proxy_settings: true
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 15:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 15:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 20:32:54 | 000,000,000 | ---D | M]
 
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/27 15:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions
[2010/12/21 17:49:12 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/01 06:37:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 15:50:01 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/12/05 09:19:58 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/12/05 09:11:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/27 14:45:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/05 09:09:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/03/04 07:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\newtaburl@sogame.cat
[2010/03/09 15:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\support@easy-hideip.com
[2010/12/27 15:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/25 21:06:47 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/25 21:06:47 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/25 21:06:47 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/11/25 21:06:47 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/11/25 21:06:47 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/03/22 16:44:15 | 000,002,170 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-73586283-162531612-682003330-500\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/02 20:10:01 | 000,000,028 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:06 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:09 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (BtDfSDK) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/12/27 15:18:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/12/27 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/12/27 13:58:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/12/21 23:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Opera
[2010/12/21 23:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Opera
[2010/12/21 23:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/12/21 20:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/12/21 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/12/20 20:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\adslTV
[2010/12/20 20:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/12/20 19:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 19:43:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 19:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/20 17:06:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/20 17:00:58 | 000,000,000 | ---D | C] -- C:\8cc341a56ba0764b3313ace431
[2010/12/20 16:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/12/20 16:16:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/12/20 15:46:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/12/20 15:46:32 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/12/20 15:46:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/12/20 15:43:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/12/20 15:43:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/20 15:21:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/20 14:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\BitDefender
[2010/12/20 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/12/20 14:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/20 14:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
[2010/12/20 14:18:06 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/12/20 14:17:29 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/12/19 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WMTools Downloaded Files
[2010/12/19 13:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos
[2010/12/19 08:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/16 17:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO
[2010/12/15 14:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/12/11 14:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/11 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/12/07 10:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/12/05 08:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/12/27 15:14:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/12/27 14:58:13 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/12/27 14:57:44 | 000,065,578 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/27 14:57:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/27 14:57:30 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/27 14:57:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/27 14:53:12 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
[2010/12/27 11:18:11 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/12/22 22:40:05 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/22 19:06:12 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:36:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/12/21 23:36:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/12/21 08:20:31 | 000,500,872 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/12/21 08:20:31 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/21 08:20:31 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/12/21 08:20:31 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/21 07:44:24 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 20:39:32 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\adsl TV.lnk
[2010/12/20 20:32:57 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/12/20 20:32:57 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/12/20 19:43:07 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/20 17:03:29 | 000,146,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010/12/20 15:03:37 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/12/20 15:03:37 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/20 14:53:07 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Free Edition 2009.lnk
[2010/12/20 12:01:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/12/19 08:50:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/16 17:47:36 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/07 10:42:36 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/05 08:58:08 | 000,000,050 | ---- | M] () -- C:\WINDOWS\Megakey.INI
[2010/12/03 14:38:31 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro 2.5.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 16:03:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/12/27 14:53:11 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
[2010/12/21 23:36:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/12/21 23:36:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/12/20 20:39:32 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\adsl TV.lnk
[2010/12/20 20:32:57 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/12/20 20:32:57 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/12/20 19:43:07 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/20 17:05:46 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/20 15:03:37 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/12/20 15:03:37 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/20 14:53:07 | 000,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Free Edition 2009.lnk
[2010/12/19 08:50:53 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/16 17:47:36 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/07 10:42:36 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/07 10:42:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/12/05 08:58:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Megakey.INI
[2010/12/04 08:08:09 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[2010/11/27 16:03:09 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/04/09 16:57:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/03/16 22:43:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/03/03 20:18:46 | 000,035,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2010/02/08 17:07:54 | 000,032,256 | ---- | C] () -- C:\WINDOWS\avsredirect.dll
[2010/01/08 20:45:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/12/07 19:17:27 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\burnaware.ini
[2009/09/28 10:36:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/22 20:46:51 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/16 17:38:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\RemoveFocusRect.dll
[2009/04/16 12:53:20 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/04/16 11:51:49 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/16 11:12:30 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 10:44:25 | 000,000,473 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/16 10:44:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/16 10:41:15 | 000,031,831 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 10:26:56 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2009/04/16 10:17:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/04/16 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
[2010/03/04 15:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Acronis
[2010/03/27 09:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ashampoo
[2010/03/02 14:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Auslogics
[2010/12/20 14:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BitDefender
[2010/12/11 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/04/02 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheckPoint
[2010/02/25 22:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheeseSoft
[2010/03/07 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Copernic
[2010/02/08 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CoyoteReplay
[2010/02/17 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Delete Cookie
[2010/03/07 20:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Faces
[2010/03/24 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2010/03/09 15:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HideIPEasy
[2010/02/19 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Megaupload
[2009/04/16 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Micro Application
[2010/03/27 12:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mipony
[2010/03/03 20:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Morpheus Software
[2010/03/29 18:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
[2010/12/21 23:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Opera
[2010/04/04 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\QUAD Backups
[2009/10/06 16:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
[2010/05/11 19:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2010/03/24 22:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\thecleaner
[2010/11/24 08:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2009/04/16 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2010/03/27 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
[2010/04/20 07:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WNR
[2010/01/15 17:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\XnView
[2009/04/16 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/03/04 15:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/01 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/27 09:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/12/20 14:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/11 14:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/05/11 20:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDRWIN 8
[2010/12/15 14:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/20 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideIPEasy
[2010/03/07 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/05/11 20:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/01/10 08:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2010/04/24 08:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/11 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/17 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/20 07:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2010/08/28 07:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/16 13:48:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/17 20:40:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/12/05 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[2010/02/18 08:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010/12/27 14:57:30 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/12/27 15:32:30 | 000,000,534 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job
[2010/12/26 21:12:59 | 000,032,308 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< C:\WINDOWS\system32\windows32\*.* /s >[/color]

< End of report >
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 27 Déc 2010 17:09

hello,

tu ne m'as pas poster le bon rapport ADR, c'est celui là que je veux "C:\Ad-Report-CLEAN[1].txt"

ensuite fais cela...

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"


:Files
C:\WINDOWS\System32\drivers\RKHit.sys
C:\WINDOWS\system32\windows32

:OTL
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\5C.tmp File not found
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[clearrestorepoints]
[emptytemp]
[EMPTYFLASH]
[RESETHOSTS]



* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

ensuite...

  • télécharge Malwarebytes.
  • Téléchargement et tuto de Danakil à lire avant le scan.
  • Choisie "exécuter un examen rapide" et à la fin du scan , coche tous les éléments trouvés,et clique sur supprimer la sélection.
  • Poste moi le rapport stp.

@++ :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: envoi de mails automatique (zombie pc)

Message le 28 Déc 2010 13:56

Bonjour, voici le nouveau rapport généré, et merci.

Code: Tout sélectionner
 All processes killed
========== FILES ==========
C:\WINDOWS\System32\drivers\RKHit.sys moved successfully.
File\Folder C:\WINDOWS\system32\windows32 not found.
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File  C:\WINDOWS\System32\5C.tmp File not found not found.
C:\WINDOWS\SET23.tmp deleted successfully.
C:\WINDOWS\SET24.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET26.tmp deleted successfully.
C:\WINDOWS\SET27.tmp deleted successfully.
C:\WINDOWS\SET28.tmp deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET2A.tmp deleted successfully.
C:\WINDOWS\SET2B.tmp deleted successfully.
C:\WINDOWS\SET2C.tmp deleted successfully.
C:\WINDOWS\SET2D.tmp deleted successfully.
C:\WINDOWS\SET2E.tmp deleted successfully.
C:\WINDOWS\SET2F.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET30.tmp deleted successfully.
C:\WINDOWS\SET31.tmp deleted successfully.
C:\WINDOWS\SET32.tmp deleted successfully.
C:\WINDOWS\SET33.tmp deleted successfully.
C:\WINDOWS\SET34.tmp deleted successfully.
C:\WINDOWS\SET35.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[clearrestorepoints]> in the current context!
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 10814841 bytes
->Temporary Internet Files folder emptied: 2676862 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97809364 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1563 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 106,00 mb
 
 
[EMPTYFLASH]
 
User: Administrateur
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.18.0 log created on 12282010_135129

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 28 Déc 2010 14:07

hello,

c'est pas mal, il y a une pelletée de droppers qui ont dégagés :wink:

Poste le rapport Malwarebyte dès que tu l'as stp...
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: envoi de mails automatique (zombie pc)

Message le 28 Déc 2010 15:00

Et voilà la suite...

Code: Tout sélectionner
  Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/12/2010 14:52:40
mbam-log-2010-12-28 (14-52-40).txt

Type d'examen: Examen complet (C:\|G:\|)
Elément(s) analysé(s): 173035
Temps écoulé: 49 minute(s), 14 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ricus68
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 19 Déc 2010 08:53
 

Re: envoi de mails automatique (zombie pc)

Message le 28 Déc 2010 16:24

bon c'est cool,

on va faire le ménage et attendre un peu (24/48 heures) pour voir ton problème de mail est résolu :wink:

Pour désinstaller OTL, lance-le et clique sur purge outil...accepte le redémarrage du PC si demander.

ensuite il faut créer un point de restauration propre et supprimer ceux infecté en purgeant la restauration système, pour cela utilise OneClick2RP de Laddy
Téléchargement et tuto ici

ensuite...

Pour nettoyer les fichiers temporaires,souvent source de problèmes divers et nettoyer la base de registre Windows fais cela...


  • Télécharge et installe Ccleaner en te rendant sur >> cette page <<
  • Clique en haut à droite de la page sur "Download Lastest Version" pour lancer le téléchargement.
  • Installe le et lance le...
  • Dans la barre d'outil à gauche, clique sur "Nettoyer" (en bas à droite)
  • Recommence cette opération jusqu'à ce que le message "0 octets supprimés" apparaisse dans la fenêtre de résultat.
  • Pour info ce nettoyage peu aussi s'effectuer de manière transparente collant Ccleaner /auto dans la commande "Exécuter" du menu démarrer.

    Nettoyer aussi ton registre en cliquant sur "Registre" dans la barre d'outils à gauche.
  • Clique ensuite sur "chercher des erreurs" en bas de la fenêtre, puis clique sur "corriger les erreurs sélectionnées".
  • Accepte la sauvegarde du registre proposée et suis les instructions de Ccleaner.
  • Pour info tu peux ouvrir Ccleaner directement à la rubrique "Registre" en collant Ccleaner /registry dans la fenêtre de commande "Exécuter" du menu démarrer.
  • Si tu as besoin tu as un tutoriel >> ici <<

=====================================================================================================

Pense à mettre à jours Windows:

  • La méthode la plus simple et l'utilisation de "Windows Update" qui se trouve dans ton menu démarrer


Pense à mettre à jours Java:


Pense à mettre à jour Acrobat reader si il est installé sur ton PC de cette manière:

  • Ouvre Acrobat reader, clique sur "aide" et choisis "rechercher des mises à jours..."

========================================================================================================
Procède à une Défragmentation afin d'optimiser les temps d'accès du disque dur lors de la lecture des :

  • Pour lancer une défragmentation, double-clique sur Poste de Travail,clic-droit sur le disque à défragmenter puis sur Propriétés.
  • Choisis l'onglet Outils puis clique sur défragmenter maintenant .
  • Cette opération est à renouveler régulièrement ( Environs une fois par mois ).

Image

=====================================================================================================





un peu de lecture sur la manière de protéger ton surf et ton ordinateur:


@++ :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Suivante


Sujets similaires

Message [Réglé] PC ne redémarre plus- Réparation automatique bloquée
Bonjour.J'ai acheté un pc gamer d'occasion il y a plusieurs mois. Il fonctionnait très bien jusqu'à hier. J'ai un message d'erreur qui apparait quand je l'allume : "votre appareil a rencontré un problème et doit être redémarré. Nous collectons simplement des information relatives aux erreurs, p ...
Réponses: 3

Message Problème envoi fichier PDF
BonjourJ'aimerai envoyer un fichier PDF à un destinataire, sauf que je veux qu'il arrive en image "brute" si j'ose m'exprimer ainsi. je m'explique, mon fichier est sur acrobat et quand je l'envoi le destinataire à le document mais avec les plages d'illustration, etc...je prends comme exemp ...
Réponses: 2

Message envoi sms
Bonjour,Avec mon M23 samsung lorsque j’envoie un sms il ne part pas, pourquoi svp.Cdt
Réponses: 2

Message son notification mails
Bonjour,J'ai un j3 2016 et j'aimerais avoir une sonnerie lorsque je reçois un mail yahoo ou gmail.Comment faire svp
Réponses: 2

Message [Réglé] Préparation de la réparation automatique
Bonjour à tous Ce matin en voulant allumer mon pc j’ai ce message.Ça tourne en boucle puis ca m’envoie vers un écran bleu avec continuer vers w10 redémarrer etc.. hier tout fonctionnait bien.Merci de votre aide
Réponses: 37

Message Envoi mail VBscript - détection auto du SMTP
Bonjour.J'ai trouvé le code ci-dessous qui me permet d'envoyer un mail :Code: Tout sélectionnerConst cdoSendUsingPickup = 1 Const cdoSendUsingPort = 2 Const cdoAnonymous = 0 Const cdoBasic = 1 Const cdoNTLM = 2 '===========================================================EmailSender = "expediteu ...
Réponses: 5

Message Réponse Automatique Thunderbird
Bonjour à TousVoilà, tous les mois, j'envoie deux documents en PJ à une assurance avec mon adresse de messagerie orange , j'utilise Thunderbird, et j'ai trois adresse ( Orange, et deux GMAIL, une à moi, et une à ma femme), donc quand j'envoie ses deux documents à l'assurance, j'ai une réponse automa ...
Réponses: 15


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 20 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.