
Automatic mail sending (zombie PC)

A computer that slows down, advertising screens that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for surfing safely.
Forum rules
To display an analysis report or an infection report (HijackThis, OTL, AdwCleaner, etc.), please use the forum's internal attachment system. Only .txt and .log files under 1 MB are accepted. For help inserting your attachments, please see this tutorial.

Posted on 19 Dec 2010 08:58

Hello, my PC is sending emails automatically! The HijackThis report is attached, thanks in advance for your help.


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:08, on 19/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: ,RemoveFocusRect.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6842 bytes
ricus68
Confirmed Visitor
Messages: 16
Joined: 19 Dec 2010 08:53


Re: Automatic mail sending (zombie PC)

Posted on 19 Dec 2010 09:09

Hi ricus68 & welcome to PCI!

First, apply this procedure:
preparer-demande-aide-desinfection-vt-54149.html

Post the reports here so I can take a closer look! :wink:
danakil
Expert
Messages: 1363
Joined: 16 Jul 2009 09:47

Re: Automatic mail sending (zombie PC)

Posted on 19 Dec 2010 13:09

Thanks for the welcome, I'll apply the procedure and keep the forum posted on what follows, see you, Ricus.
ricus68
Confirmed Visitor
Messages: 16
Joined: 19 Dec 2010 08:53

Re: Automatic mail sending (zombie PC)

Posted on 20 Dec 2010 14:36

Hello, here are the reports:

Code:
OTL logfile created on: 20/12/2010 14:21:12 - Run 1
OTL by OldTimer - Version 3.2.17.4     Folder = G:\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 170,00 Mb Available Physical Memory | 33,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,63 Gb Free Space | 38,41% Space Free | Partition Type: NTFS
Drive G: | 22,61 Gb Total Space | 3,46 Gb Free Space | 15,31% Space Free | Partition Type: NTFS
 
Computer Name: LE_MIEN | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/12/20 14:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Téléchargements\OTL.exe
PRC - [2010/12/20 13:16:52 | 000,521,141 | ---- | M] () -- C:\UsbFix\UsbFix.exe
PRC - [2010/12/12 15:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 15:04:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/25 10:43:44 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/25 10:41:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 10:41:02 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/23 20:11:00 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/11/03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010/08/01 07:32:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/14 11:49:48 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/14 11:49:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/14 11:49:21 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/07/14 11:49:20 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/07/14 11:49:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/14 11:48:59 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/11/13 11:59:54 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/13 11:57:42 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/10/15 09:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2008/10/17 13:25:42 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/29 14:51:30 | 000,815,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
PRC - [2007/06/11 10:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/05/30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/07/07 17:45:00 | 001,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/12/20 14:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Téléchargements\OTL.exe
MOD - [2007/01/23 21:14:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\RemoveFocusRect.dll
MOD - [2006/07/07 17:12:46 | 000,086,528 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SC2Hook.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (DfSdkS)
SRV - [2010/11/25 10:41:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/08/01 07:32:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/14 11:49:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/14 11:49:20 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/22 16:04:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 08:11:08 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/13 11:57:42 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/13 11:53:42 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 13:25:42 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/05/30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/07/14 11:49:55 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/14 11:49:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/14 11:49:24 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/14 11:49:24 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/14 11:49:24 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/14 11:49:24 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/14 11:49:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/03 16:42:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/03 16:42:23 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/04/03 16:42:23 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/03/04 15:22:12 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2010/02/11 11:47:29 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/05/23 00:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/05 08:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2009/04/16 10:33:31 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/02/29 11:12:34 | 000,037,008 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 11:12:28 | 000,035,472 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/10/25 08:20:40 | 000,270,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/05/30 13:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 13:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/10/22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/11 17:10:11 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005/04/21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/07/02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: support@easy-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.6
FF - prefs.js..network.proxy.share_proxy_settings: true
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 15:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 15:04:34 | 000,000,000 | ---D | M]
 
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/20 12:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions
[2010/11/24 14:56:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/01 06:37:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 15:50:01 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/12/05 09:19:58 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/12/05 09:11:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/11 15:11:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/05 09:09:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/03/04 07:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\newtaburl@sogame.cat
[2010/03/09 15:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\support@easy-hideip.com
[2010/01/20 12:16:46 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\searchplugins\conduit.xml
[2010/12/20 12:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/25 21:06:47 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/25 21:06:47 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/25 21:06:47 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/11/25 21:06:47 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/11/25 21:06:47 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/03/22 16:44:15 | 000,002,170 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKLM..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-73586283-162531612-682003330-500\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (RemoveFocusRect.dll) - C:\WINDOWS\System32\RemoveFocusRect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/02 20:10:01 | 000,000,028 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:06 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:09 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (BtDfSDK) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/12/20 14:18:06 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/12/20 14:17:29 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/12/19 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WMTools Downloaded Files
[2010/12/19 13:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos
[2010/12/19 08:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/19 07:52:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/12/16 17:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO
[2010/12/15 14:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2010/12/15 14:22:42 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2010/12/15 14:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/12/15 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2010/12/11 14:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/11 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/12/07 10:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/12/05 08:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[2010/11/26 18:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2010/11/24 08:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Thunderbird
[2010/11/24 08:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2010/11/24 08:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/11/23 18:59:04 | 000,270,720 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTL8187B.sys
[2010/11/23 18:59:04 | 000,270,720 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System\rtl8187B.sys
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/12/20 13:56:35 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/12/20 12:01:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/12/20 11:52:10 | 069,114,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/20 11:39:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/20 11:38:49 | 000,065,578 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/20 11:37:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/19 08:50:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/18 09:34:18 | 000,639,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/12/16 17:47:36 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/15 14:22:51 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2010/12/09 18:07:07 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/07 10:42:36 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/05 08:58:08 | 000,000,050 | ---- | M] () -- C:\WINDOWS\Megakey.INI
[2010/12/03 14:38:31 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro 2.5.lnk
[2010/11/27 16:03:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[2010/11/26 18:42:39 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Malware Remover.lnk
[2010/11/26 18:42:39 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\NoVirusThanks Malware Remover.lnk
[2010/11/24 14:57:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/11/23 18:59:29 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk
[2010/11/21 15:09:28 | 000,500,872 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/21 15:09:28 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/21 15:09:28 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/21 15:09:28 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/12/19 08:50:53 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/16 17:47:36 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/15 14:22:51 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2010/12/07 10:42:36 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/07 10:42:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/12/05 08:58:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Megakey.INI
[2010/12/04 08:08:09 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[2010/11/27 16:03:09 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/11/26 18:42:39 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Malware Remover.lnk
[2010/11/26 18:42:39 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\NoVirusThanks Malware Remover.lnk
[2010/11/24 14:57:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/11/23 18:59:29 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk
[2010/04/09 16:57:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/03/16 22:43:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/03/03 20:18:46 | 000,035,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2010/02/08 17:07:54 | 000,032,256 | ---- | C] () -- C:\WINDOWS\avsredirect.dll
[2010/01/08 20:45:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/12/07 19:17:27 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\burnaware.ini
[2009/09/28 10:36:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/22 20:46:51 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/16 17:38:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\RemoveFocusRect.dll
[2009/04/16 12:53:20 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/04/16 11:51:49 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/16 11:12:30 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 10:44:25 | 000,000,473 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/16 10:44:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/16 10:41:15 | 000,031,831 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 10:26:56 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2009/04/16 10:17:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/04/16 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
[2010/03/04 15:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Acronis
[2010/03/27 09:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ashampoo
[2010/03/02 14:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Auslogics
[2010/12/11 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/04/02 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheckPoint
[2010/02/25 22:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheeseSoft
[2010/03/07 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Copernic
[2010/02/08 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CoyoteReplay
[2010/02/17 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Delete Cookie
[2010/03/07 20:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Faces
[2010/03/24 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2010/12/15 14:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2010/03/09 15:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HideIPEasy
[2010/02/19 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Megaupload
[2009/04/16 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Micro Application
[2010/03/27 12:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mipony
[2010/03/03 20:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Morpheus Software
[2010/03/29 18:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
[2010/04/04 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\QUAD Backups
[2009/10/06 16:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
[2010/05/11 19:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2010/03/24 22:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\thecleaner
[2010/11/24 08:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2009/04/16 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2010/03/27 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
[2010/04/20 07:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WNR
[2010/01/15 17:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\XnView
[2009/04/16 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/03/04 15:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/01 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/27 09:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/04/04 14:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/11 14:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/05/11 20:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDRWIN 8
[2010/12/15 14:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/20 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideIPEasy
[2010/03/07 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/05/11 20:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/01/10 08:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2010/04/24 08:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/11 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/17 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/20 07:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2010/08/28 07:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/16 13:48:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/17 20:40:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/12/05 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[2010/02/18 08:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010/04/04 14:33:08 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/03/01 12:10:16 | 000,000,534 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job
[2010/12/20 12:40:25 | 000,032,410 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


Code:
 OTL Extras logfile created on: 20/12/2010 14:21:12 - Run 1
OTL by OldTimer - Version 3.2.17.4     Folder = G:\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 170,00 Mb Available Physical Memory | 33,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,63 Gb Free Space | 38,41% Space Free | Partition Type: NTFS
Drive G: | 22,61 Gb Total Space | 3,46 Gb Free Space | 15,31% Space Free | Partition Type: NTFS
 
Computer Name: LE_MIEN | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1" = WahOO
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{10ACC836-F47B-4236-96A5-DF52076EE70A}_is1" = NoVirusThanks Malware Remover 2.7.0.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG 9.0
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CCleaner" = CCleaner
"Cloneur Expert" = Cloneur Expert
"DVD Shrink_is1" = DVD Shrink 3.2
"Glary Utilities_is1" = Glary Utilities Pro 2.21.0.863
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme
"Meteo Fusion _is1" = Meteo Fusion 1.5.9.11
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 CD Ripper_is1" = MP3 CD Ripper 4.01
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetMeter_is1" = NetMeter 1.1.3
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"SFR_Kit" = SFR - Kit de connexion
"StatBar_is1" = StatBar 2.406
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SuperCopier2" = SuperCopier2
"TuneUp Utilities" = TuneUp Utilities
"UltraISO_is1" = UltraISO Premium V9.36
"Unlocker" = Unlocker 1.8.7
"Usbfix" = UsbFix By El Desaparecido & C_XX
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 01/03/2010 06:19:34 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:35 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:36 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:36 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:38 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:19:39 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:11 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:12 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:13 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 01/03/2010 06:20:19 | Computer Name = LE_MIEN | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
[ System Events ]
Error - 27/02/2010 11:17:41 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 28/02/2010 03:39:07 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7000
Description = Le service ElbyCDIO Driver n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 28/02/2010 04:03:07 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7000
Description = Le service ElbyCDIO Driver n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 28/02/2010 04:18:49 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 28/02/2010 04:20:24 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01/03/2010 06:18:47 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7022
Description = Le service avast! Antivirus est en attente de démarrage.
 
Error - 01/03/2010 06:18:47 | Computer Name = LE_MIEN | Source = Service Control Manager | ID = 7000
Description = Le service ElbyCDIO Driver n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 01/03/2010 07:41:19 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01/03/2010 07:42:58 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01/03/2010 07:43:21 | Computer Name = LE_MIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >


Thanks...
ricus68
Confirmed Visitor
 
Posts: 16
Joined: 19 Dec 2010 08:53
 

Re: automatic mail sending (zombie PC)

Posted on 20 Dec 2010 18:11

Hi!

You have a nice little lodger on your PC that goes by the generic name of RootKit.
A RootKit is a piece of malware (virus, program) that acts stealthily to hijack your connections, or else uses your connections to infest other PCs. It also installs other software without your knowledge...

Let's check that:
Go here --> VirusTotal
> Click the Browse box and look in your Windows window for this file in bold:
C:\WINDOWS\System32\drivers\RKHit.sys

(it is on your C:\ partition, in Windows and then in System32; you will find it in the right-hand pane)
> Select it and then click Open in the same window.
(This line will automatically appear in the Browse box)
> Finally click the Send file button and let the online scan run.
> At the end of the scan (which can take several minutes) you will get a report.
> Copy this report to your Desktop > come back here and post it to me
danakil
Expert
 
Posts: 1363
Joined: 16 Jul 2009 09:47
 

Re: automatic mail sending (zombie PC)

Posted on 20 Dec 2010 20:23

Good evening, done as asked (and thanks for the help):

Code:
File already submitted: The file sent has already been analysed by VirusTotal in the past.
 This is same basic info regarding the sample itself and its last analysis:
MD5:   fde1282754cc09e4c4df85aca86fe5c5
Date first seen:   2009-02-09 11:27:51 (UTC)
Date last seen:   2010-09-29 16:40:42 (UTC)
Detection ratio:   0/43

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
RKHit.sys
Submission date:
2010-12-20 19:17:05 (UTC)
Current status:
queued (#151) queued analysing finished
Result:
0/ 43 (0.0%)
   
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus    Version    Last Update    Result
AhnLab-V3   2010.12.20.06   2010.12.20   -
AntiVir   7.11.0.110   2010.12.20   -
Antiy-AVL   2.0.3.7   2010.12.20   -
Avast   4.8.1351.0   2010.12.20   -
Avast5   5.0.677.0   2010.12.20   -
AVG   9.0.0.851   2010.12.20   -
BitDefender   7.2   2010.12.20   -
CAT-QuickHeal   11.00   2010.12.20   -
ClamAV   0.96.4.0   2010.12.20   -
Command   5.2.11.5   2010.12.20   -
Comodo   7130   2010.12.20   -
DrWeb   5.0.2.03300   2010.12.20   -
Emsisoft   5.1.0.1   2010.12.20   -
eSafe   7.0.17.0   2010.12.19   -
eTrust-Vet   36.1.8050   2010.12.20   -
F-Prot   4.6.2.117   2010.12.20   -
F-Secure   9.0.16160.0   2010.12.20   -
Fortinet   4.2.254.0   2010.12.19   -
GData   21   2010.12.20   -
Ikarus   T3.1.1.90.0   2010.12.20   -
Jiangmin   13.0.900   2010.12.20   -
K7AntiVirus   9.73.3296   2010.12.20   -
Kaspersky   7.0.0.125   2010.12.20   -
McAfee   5.400.0.1158   2010.12.20   -
McAfee-GW-Edition   2010.1C   2010.12.20   -
Microsoft   1.6402   2010.12.20   -
NOD32   5718   2010.12.20   -
Norman   6.06.12   2010.12.20   -
nProtect   2010-12-20.01   2010.12.20   -
Panda   10.0.2.7   2010.12.20   -
PCTools   7.0.3.5   2010.12.20   -
Prevx   3.0   2010.12.20   -
Rising   22.78.06.04   2010.12.20   -
Sophos   4.60.0   2010.12.20   -
SUPERAntiSpyware   4.40.0.1006   2010.12.20   -
Symantec   20101.3.0.103   2010.12.20   -
TheHacker   6.7.0.1.103   2010.12.20   -
TrendMicro   9.120.0.1004   2010.12.20   -
TrendMicro-HouseCall   9.120.0.1004   2010.12.20   -
VBA32   3.12.14.2   2010.12.20   -
VIPRE   7732   2010.12.20   -
ViRobot   2010.12.20.4210   2010.12.20   -
VirusBuster   13.6.104.2   2010.12.20   -
Additional information
Show all
MD5   : fde1282754cc09e4c4df85aca86fe5c5
SHA1  : ed81ec1ea664baab7c505505d438f2d63341bd0f
SHA256: 1d74065373f5be07d8d927ae96a685f8a036b167722dd42a7977aaa00d571cd8
ssdeep: 768:Lp5xc53aqYJ2t6LL8np3S9uWKbxLjk8ILplEbc/fLMbz:LpnMaqYJ2cLL8np35Xbxk8ILTEb0kz
File size : 35520 bytes
First seen: 2009-02-09 11:27:51
Last seen : 2010-12-20 19:17:05
TrID:
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) QiWang Corporation
product......: RKHit
description..: RKHit
original name: RKHit
internal name: RKHit
file version.: 2, 0, 0, 0
comments.....: n/a
signers......: Qiwang Computer
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:29 AM 2/5/2009
verified.....: -
packers (Kaspersky): PE_Patch
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x6385
timedatestamp....: 0x48CF79AC (Tue Sep 16 09:17:32 2008)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x4AB0, 0x4B00, 6.37, 62a8aa7f7ddf4867ec356dd14aad7fa2
.rdata, 0x4F80, 0x2E4, 0x300, 3.83, e958541d1f801eb43098a072ff1fc0da
.data, 0x5280, 0x1090, 0x1100, 0.01, 15800a9c230a2a86476577d9a2d48c09
INIT, 0x6380, 0x95C, 0x980, 5.34, 2a686358bd7d2f9323c5fc4fd43d7092
.rsrc, 0x6D00, 0x2E0, 0x300, 3.01, 368ed489a87b035095dba8505d52e7d5
.reloc, 0x7000, 0x572, 0x580, 6.26, 7d0865f0d3bcc6e87505dbf8dc22247d

[[ 2 import(s) ]]
ntoskrnl.exe: _except_handler3, MmUnlockPages, ObfDereferenceObject, KeUnstackDetachProcess, KeStackAttachProcess, DbgPrint, PsLookupProcessByProcessId, MmIsAddressValid, KeInitializeSpinLock, ObReferenceObjectByName, IoDriverObjectType, RtlInitUnicodeString, ExFreePool, _stricmp, strrchr, ExAllocatePoolWithTag, ZwQuerySystemInformation, IoFileObjectType, ZwClose, ObReferenceObjectByHandle, ZwOpenKey, PsProcessType, IoDeviceObjectType, MmSectionObjectType, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, ZwOpenFile, RtlImageDirectoryEntryToData, NtBuildNumber, RtlAppendUnicodeStringToString, RtlVolumeDeviceToDosName, IoCreateFile, wcscpy, ProbeForRead, IoGetCurrentProcess, KeGetCurrentThread, KeServiceDescriptorTable, ObQueryNameString, ObReferenceObjectByPointer, IoAllocateMdl, PsGetVersion, MmUserProbeAddress, IoThreadToProcess, PsLookupThreadByThreadId, NtGlobalFlag, PsThreadType, IofCallDriver, ZwOpenDirectoryObject, MmGetVirtualForPhysical, MmGetPhysicalAddress, MmSystemRangeStart, IoFreeIrp, KeSetEvent, KeWaitForSingleObject, MmBuildMdlForNonPagedPool, IoAllocateIrp, IoGetBaseFileSystemDeviceObject, KeInitializeEvent, IoGetDeviceObjectPointer, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, swprintf, IoGetConfigurationInformation, ZwTerminateProcess, PsGetCurrentProcessId, KeInsertQueueApc, KeInitializeApc, KeClearEvent, ExfInterlockedInsertTailList, ExfInterlockedRemoveHeadList, IoCreateSynchronizationEvent, MmGetSystemRoutineAddress, IoDeleteDevice, IoDeleteSymbolicLink, RtlInitAnsiString, IofCompleteRequest, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, MmProbeAndLockPages, MmMapLockedPagesSpecifyCache, ObOpenObjectByPointer, IoFreeMdl
HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, KeStallExecutionProcessor

VT Community

0

    This file has never been reviewed by any VT Community member. Be the first one to comment on it! 
ricus68
Confirmed Visitor
 
Posts: 16
Joined: 19 Dec 2010 08:53
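Added example (my own, not code from the thread, from danakil or from VirusTotal): a small Python script that does offline what the VirusTotal steps above and the report posted in reply do by hand. It hashes a local file with MD5, SHA1 and SHA256, pulls the hashes and the per-engine verdict table out of a VirusTotal text report in the layout pasted above, and reports whether the file on disk is the same sample the report describes and how many engines flagged it. The report excerpt inside the script is constructed: its three hashes are the ones the report above gives for RKHit.sys, the `ExampleAV` line and its verdict are invented to exercise the counting path, and the bytes fed to `triage()` are a stand-in, not the real driver.

```python
import hashlib
import re

# Constructed excerpt in the layout of the VirusTotal text report pasted in the
# thread. The three hashes are the ones that report gives for RKHit.sys; the
# "ExampleAV" line is invented so that the detection-counting path is exercised.
SAMPLE_REPORT = """\
MD5:   fde1282754cc09e4c4df85aca86fe5c5
Detection ratio:   0/43
Antivirus    Version    Last Update    Result
AhnLab-V3   2010.12.20.06   2010.12.20   -
AVG   9.0.0.851   2010.12.20   -
ExampleAV   1.0   2010.12.20   Rootkit.Example.Constructed
Kaspersky   7.0.0.125   2010.12.20   -
Additional information
MD5   : fde1282754cc09e4c4df85aca86fe5c5
SHA1  : ed81ec1ea664baab7c505505d438f2d63341bd0f
SHA256: 1d74065373f5be07d8d927ae96a685f8a036b167722dd42a7977aaa00d571cd8
File size : 35520 bytes
"""

# "MD5:   <hex>" in the summary and "MD5   : <hex>" in the details both match.
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]{32,64})\s*$")
TABLE_HEADER = re.compile(r"^Antivirus\s+Version\s+Last Update\s+Result$")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string as lower-case hex, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_vt_report(text: str) -> dict:
    """Extract the listed hashes and the per-engine verdicts from a VT text report."""
    hashes = {}
    verdicts = {}          # engine name -> detection name, or None when "-"
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            hashes[m.group(1).lower()] = m.group(2).lower()
            continue
        if TABLE_HEADER.match(line):
            in_table = True
            continue
        if in_table:
            # Table rows are four columns separated by runs of spaces; anything
            # else (blank line, "Additional information") ends the table.
            fields = re.split(r"\s{2,}", line)
            if len(fields) != 4:
                in_table = False
                continue
            engine, _version, _updated, result = fields
            verdicts[engine] = None if result == "-" else result
    return {"hashes": hashes, "verdicts": verdicts}


def detection_ratio(report: dict) -> tuple:
    """(engines that flagged the file, engines that scanned it), from the table itself."""
    verdicts = report["verdicts"]
    return (sum(1 for v in verdicts.values() if v), len(verdicts))


def same_sample(data: bytes, report: dict) -> bool:
    """True only if every hash the report lists matches the local file."""
    local = file_hashes(data)
    listed = report["hashes"]
    return bool(listed) and all(local[k] == v for k, v in listed.items())


def triage(data: bytes, report_text: str) -> dict:
    """Summarise how a local file relates to a pasted VirusTotal report."""
    report = parse_vt_report(report_text)
    flagged, scanned = detection_ratio(report)
    return {
        "same_sample": same_sample(data, report),
        "flagged": flagged,
        "scanned": scanned,
        "named_by": sorted(e for e, v in report["verdicts"].items() if v),
    }


if __name__ == "__main__":
    # Constructed stand-in bytes; the real RKHit.sys is not part of this example.
    print(triage(b"not the real driver", SAMPLE_REPORT))
```

A helper can use `same_sample()` to confirm that the file a user is being asked about is really the one VirusTotal already knows (the "File already submitted" case above) before asking for a fresh upload, and `detection_ratio()` recomputes the 0/43 style figure from the table rather than trusting the summary line. A 0/N result on a signed kernel driver, as here, only says that no engine has a signature for it, not that it is clean.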
 

Re: automatic mail sending (zombie PC)

Posted on 21 Dec 2010 02:42

Hmm!
VirusTotal's verdicts aren't very conclusive.

Let's dig a little deeper.

• Download ZHPDiag by Nicolas Coolman to your Desktop.
• Double-click the installer, then install it with the default settings (tick "Create a desktop icon")
• Launch ZHPDiag by double-clicking the icon on your Desktop.
[Right-click -> Run as Administrator (Vista/Seven)]
• Click the magnifying glass at the top left, then let the tool scan the PC.
• Once the scan is finished, click the floppy-disk icon and save the file to your Desktop.
• Post the contents of the report in your next reply using this site: http://www.cijoint.fr/

> ... on the cijoint site:
• Click Browse to find the report, then on Click here to upload the file
• Copy and paste here the web link you are given.
• It looks like this: http://www.cijoint.fr/cjlink.php?file=c ... 8MD0zB.txt
danakil
Expert
 
Posts: 1363
Joined: 16 Jul 2009 09:47
 

Re: automatic mail sending (zombie PC)

Posted on 21 Dec 2010 20:27

Good evening, here is a new report...

Code:
http://www.cijoint.fr/cjlink.php?file=cj201012/cijYeA5OIU.txt


Thanks...
ricus68
Confirmed Visitor
 
Posts: 16
Joined: 19 Dec 2010 08:53
 

Re: automatic mail sending (zombie PC)

Posted on 23 Dec 2010 14:08

Hi,

danakil isn't available right now, could you do this please... in order...

Download >>> AD-Remover <<< (by C_XX) to your desktop.

- Double-click the AD-R.exe file to launch the tool.

- For Vista/Seven, right-click the icon and choose "Run as administrator"

- Click "Clean".

- Then let the scan run quietly without using the PC

- Post the report (.txt) that opens.

Just in case, the report is saved here
C:\AD-Report-scan+"date"

If you ever need to relaunch AD-R.exe, you will have to use the shortcut created during its installation

next...

  • Since you have Malwarebytes, update it and run a quick scan.
  • Post me the report please.

next...

* Relaunch OTL.
* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "minimal report" box is ticked.

* Tick the boxes in front of "All Users", "LOP Check" and "Purity Check".

* Copy and paste the contents of this quote into the lower part of OTL ("Customisation")

C:\WINDOWS\system32\windows32\*.* /s


* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report will open: "OTL.Txt"
* Copy and paste the report into your reply please...
* Note: you won't get an "Extras.txt" report this time

@++
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: automatic mail sending (zombie PC)

Posted on 27 Dec 2010 15:35

Hello and thanks for your help, here are the two new reports:

Code:
 ======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 22/12/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 15:05:54 le 27/12/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Administrateur@LE_MIEN ( )
 
============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.13 (fr)] **

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\fehwkizw.default\Prefs.js --
browser.download.dir, G:\\Téléchargements
browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Bureau
browser.search.defaultenginename, Search the web (Babylon)
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.13
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [7.0.5730.13] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/12/2010 (3501 Octet(s))
C:\Ad-Report-SCAN[2].txt - 27/12/2010 (2322 Octet(s))

Fin à: 15:11:24, 27/12/2010
 
============== E.O.F ==============


Code:
  OTL logfile created on: 27/12/2010 15:22:30 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 125,00 Mb Available Physical Memory | 25,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 4,25 Gb Free Space | 28,99% Space Free | Partition Type: NTFS
Drive G: | 22,61 Gb Total Space | 2,69 Gb Free Space | 11,89% Space Free | Partition Type: NTFS
 
Computer Name: LE_MIEN | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\SFR\Kit\9props.exe (SFR)
PRC - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_48\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SuperCopier2\SC2Hook.dll (SFX TEAM)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (TlntSvr) -- C:\WINDOWS\System32\tlntsvr.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (DfSdkS) --  File not found
SRV - (scan) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (LIVESRV) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\5C.tmp File not found
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\WINDOWS\system32\DRIVERS\snman380.sys (Acronis)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logicool, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logicool, Inc.)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-73586283-162531612-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.12
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: support@easy-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.6
FF - prefs.js..network.proxy.share_proxy_settings: true
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 15:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 15:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 20:32:54 | 000,000,000 | ---D | M]
 
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/11/24 08:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/27 15:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions
[2010/12/21 17:49:12 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/01 06:37:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 15:50:01 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/12/05 09:19:58 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/12/05 09:11:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/27 14:45:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/05 09:09:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/03/04 07:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\newtaburl@sogame.cat
[2010/03/09 15:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fehwkizw.default\extensions\support@easy-hideip.com
[2010/12/27 15:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/25 21:06:47 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/25 21:06:47 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/25 21:06:47 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/11/25 21:06:47 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/11/25 21:06:47 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/03/22 16:44:15 | 000,002,170 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-162531612-682003330-500\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-73586283-162531612-682003330-500..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-73586283-162531612-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-73586283-162531612-682003330-500\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/02 20:10:01 | 000,000,028 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:06 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/20 14:18:09 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (BtDfSDK) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/27 15:18:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/12/27 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/12/27 13:58:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/12/21 23:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Opera
[2010/12/21 23:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Opera
[2010/12/21 23:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/12/21 20:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/12/21 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/12/20 20:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\adslTV
[2010/12/20 20:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/12/20 19:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 19:43:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 19:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/20 17:06:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/20 17:00:58 | 000,000,000 | ---D | C] -- C:\8cc341a56ba0764b3313ace431
[2010/12/20 16:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/12/20 16:16:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/12/20 15:46:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/12/20 15:46:32 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/12/20 15:46:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/12/20 15:43:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/12/20 15:43:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/20 15:21:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/20 14:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\BitDefender
[2010/12/20 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/12/20 14:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/20 14:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
[2010/12/20 14:18:06 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/12/20 14:17:29 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/12/19 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WMTools Downloaded Files
[2010/12/19 13:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos
[2010/12/19 08:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/16 17:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO
[2010/12/15 14:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/12/11 14:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/11 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/12/07 10:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/12/05 08:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/27 15:14:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/12/27 14:58:13 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/12/27 14:57:44 | 000,065,578 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/27 14:57:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/27 14:57:30 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/27 14:57:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/27 14:53:12 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
[2010/12/27 11:18:11 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/12/22 22:40:05 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/22 19:06:12 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:36:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/12/21 23:36:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/12/21 08:20:31 | 000,500,872 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/12/21 08:20:31 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/21 08:20:31 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/12/21 08:20:31 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/21 07:44:24 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 20:39:32 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\adsl TV.lnk
[2010/12/20 20:32:57 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/12/20 20:32:57 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/12/20 19:43:07 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/20 17:03:29 | 000,146,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010/12/20 15:03:37 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/12/20 15:03:37 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/20 14:53:07 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Free Edition 2009.lnk
[2010/12/20 12:01:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/12/19 08:50:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/16 17:47:36 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/07 10:42:36 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/05 08:58:08 | 000,000,050 | ---- | M] () -- C:\WINDOWS\Megakey.INI
[2010/12/03 14:38:31 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro 2.5.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 16:03:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/12/27 14:53:11 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
[2010/12/21 23:36:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/12/21 23:36:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/12/20 20:39:32 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\adsl TV.lnk
[2010/12/20 20:32:57 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/12/20 20:32:57 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/12/20 19:43:07 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/20 17:05:46 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/20 15:03:37 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/12/20 15:03:37 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/20 14:53:07 | 000,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Free Edition 2009.lnk
[2010/12/19 08:50:53 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/12/16 17:47:36 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\WahOO.lnk
[2010/12/07 10:42:36 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2010/12/07 10:42:35 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk
[2010/12/07 10:42:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/12/05 08:58:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Megakey.INI
[2010/12/04 08:08:09 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mega Manager.lnk
[2010/11/27 16:03:09 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/11/27 15:48:15 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mega Manager.lnk
[2010/04/09 16:57:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2010/03/16 22:43:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/03/03 20:18:46 | 000,035,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2010/02/08 17:07:54 | 000,032,256 | ---- | C] () -- C:\WINDOWS\avsredirect.dll
[2010/01/08 20:45:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/12/07 19:17:27 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\burnaware.ini
[2009/09/28 10:36:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/22 20:46:51 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/16 17:38:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\RemoveFocusRect.dll
[2009/04/16 12:53:20 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/04/16 11:51:49 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/16 11:12:30 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 10:44:25 | 000,000,473 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/16 10:44:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/16 10:41:15 | 000,031,831 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 10:26:56 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2009/04/16 10:17:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
 
========== LOP Check ==========
 
[2009/04/16 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
[2010/03/04 15:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Acronis
[2010/03/27 09:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ashampoo
[2010/03/02 14:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Auslogics
[2010/12/20 14:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BitDefender
[2010/12/11 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe Limited
[2010/04/02 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheckPoint
[2010/02/25 22:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheeseSoft
[2010/03/07 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Copernic
[2010/02/08 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CoyoteReplay
[2010/02/17 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Delete Cookie
[2010/03/07 20:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Faces
[2010/03/24 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2010/03/09 15:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HideIPEasy
[2010/02/19 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Megaupload
[2009/04/16 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Micro Application
[2010/03/27 12:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mipony
[2010/03/03 20:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Morpheus Software
[2010/03/29 18:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
[2010/12/21 23:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Opera
[2010/04/04 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\QUAD Backups
[2009/10/06 16:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
[2010/05/11 19:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeraCopy
[2010/03/24 22:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\thecleaner
[2010/11/24 08:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2009/04/16 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2010/03/27 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
[2010/04/20 07:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WNR
[2010/01/15 17:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\XnView
[2009/04/16 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/03/04 15:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/01 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/27 09:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/12/20 14:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/11 14:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/05/11 20:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDRWIN 8
[2010/12/15 14:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/20 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideIPEasy
[2010/03/07 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/05/11 20:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/01/10 08:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2010/04/24 08:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/11 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/17 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/20 07:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2010/08/28 07:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/16 13:48:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/17 20:40:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/12/05 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Megamedia
[2010/02/18 08:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010/12/27 14:57:30 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/12/27 15:32:30 | 000,000,534 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job
[2010/12/26 21:12:59 | 000,032,308 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< C:\WINDOWS\system32\windows32\*.* /s >

< End of report >
ricus68
Confirmed Visitor
 
Posts: 16
Joined: 19 Dec 2010 08:53
 

Re: automatic mail sending (zombie PC)

Posted 27 Dec 2010 17:09

hello,

you didn't post me the right AD-R report; the one I want is "C:\Ad-Report-CLEAN[1].txt"

then do this...

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Output) section (top right) the "Rapport minimal" (Minimal Output) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Custom Scans/Fixes)


:Files
C:\WINDOWS\System32\drivers\RKHit.sys
C:\WINDOWS\system32\windows32

:OTL
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\5C.tmp File not found
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[clearrestorepoints]
[emptytemp]
[EMPTYFLASH]
[RESETHOSTS]



* Click the "Correction" (Run Fix) icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report will open, "OTL.Txt"
* Copy and paste the report into your reply please...
* Just in case, you can find it in the C:\OTL folder or on your desktop, depending on the situation

then...

  • Download Malwarebytes.
  • Download and Danakil's tutorial, to read before the scan.
  • Choose "Perform quick scan" and at the end of the scan, tick all the items found and click "Remove Selected".
  • Post me the report please.

@++ :wink:
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
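The [RESETHOSTS] command in the script above replaces the HOSTS file wholesale, and the O1 lines of the posted OTL log show why it is on the list: a dozen adobe.com activation and DNS hosts are mapped to 127.0.0.1, several of them twice. Before resetting, it is worth knowing exactly what the file contains, because a HOSTS file can also redirect update or banking hosts to an attacker's address, which a blind reset would erase without a trace. The following is an added example, not part of the thread and not OTL code: a Python audit of a HOSTS file that lists names sinkholed to loopback, names redirected to a non-loopback address, and duplicate entries. The sample content is constructed to mirror the log's O1 lines; the `update.example.com` line is an assumption added only to exercise the redirect branch.

```python
"""Audit a Windows HOSTS file for sinkholed, redirected and duplicate entries.

Added example, not part of the forum thread or of OTL. The sample below is
constructed to mirror the O1 lines of the posted OTL log; on the real machine
read C:\\WINDOWS\\system32\\drivers\\etc\\hosts instead.
"""
import re
from collections import Counter

# Constructed sample. The adobe.com lines copy the log; the update.example.com
# line is an assumption added to show what a redirect to a remote host looks like.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1            activate.adobe.com
127.0.0.1            practivate.adobe.com
127.0.0.1            ereg.adobe.com
127.0.0.1            practivate.adobe.com
127.0.0.1            ereg.adobe.com
192.0.2.10           update.example.com      # constructed, not from the log
::1             localhost
"""

# Names a stock Windows HOSTS file legitimately resolves to the local machine.
DEFAULT_LOCAL = {"localhost"}
# Addresses used to make a name unreachable ("sinkhole" it).
SINKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, dropping comments, blank lines and case."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = re.split(r"\s+", line)
        for name in names:
            yield ip, name.lower()


def audit_hosts(text):
    """Classify entries.

    sinkholed : names pointed at a loopback/null address (blocks the vendor's
                activation or update servers; what [RESETHOSTS] removes)
    redirected: names pointed at a real address (the dangerous case: traffic
                for that name goes wherever the attacker chose)
    duplicates: identical (ip, name) lines, a sign the file was appended to
                by a tool rather than edited by hand
    """
    entries = list(parse_hosts(text))
    counts = Counter(entries)
    sinkholed = sorted({n for ip, n in entries
                        if ip in SINKHOLE_ADDRS and n not in DEFAULT_LOCAL})
    redirected = sorted({(n, ip) for ip, n in entries if ip not in SINKHOLE_ADDRS})
    duplicates = sorted({n for (ip, n), c in counts.items() if c > 1})
    return {"sinkholed": sinkholed, "redirected": redirected, "duplicates": duplicates}


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}: {items}")
```

The loopback entries here are consistent with an installer that blocks Adobe's activation servers; they are not what sends mail, but they are exactly what a RESETHOSTS wipes, so listing them first keeps a record. Any name in the `redirected` bucket deserves a closer look before the file is replaced.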
 

Re: automatic mail sending (zombie PC)

Posted 28 Dec 2010 13:56

Hello, here is the newly generated report, and thanks.

Code:
 All processes killed
========== FILES ==========
C:\WINDOWS\System32\drivers\RKHit.sys moved successfully.
File\Folder C:\WINDOWS\system32\windows32 not found.
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File  C:\WINDOWS\System32\5C.tmp File not found not found.
C:\WINDOWS\SET23.tmp deleted successfully.
C:\WINDOWS\SET24.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET26.tmp deleted successfully.
C:\WINDOWS\SET27.tmp deleted successfully.
C:\WINDOWS\SET28.tmp deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET2A.tmp deleted successfully.
C:\WINDOWS\SET2B.tmp deleted successfully.
C:\WINDOWS\SET2C.tmp deleted successfully.
C:\WINDOWS\SET2D.tmp deleted successfully.
C:\WINDOWS\SET2E.tmp deleted successfully.
C:\WINDOWS\SET2F.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET30.tmp deleted successfully.
C:\WINDOWS\SET31.tmp deleted successfully.
C:\WINDOWS\SET32.tmp deleted successfully.
C:\WINDOWS\SET33.tmp deleted successfully.
C:\WINDOWS\SET34.tmp deleted successfully.
C:\WINDOWS\SET35.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[clearrestorepoints]> in the current context!
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 10814841 bytes
->Temporary Internet Files folder emptied: 2676862 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97809364 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1563 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 106,00 mb
 
 
[EMPTYFLASH]
 
User: Administrateur
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.18.0 log created on 12282010_135129

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ricus68
Confirmed Visitor
 
Posts: 16
Joined: 19 Dec 2010 08:53
 

Re: automatic mail sending (zombie PC)

Posted 28 Dec 2010 14:07

hello,

not bad, a shovelful of droppers have been cleared out :wink:

Post the Malwarebytes report as soon as you have it please...
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: automatic mail sending (zombie PC)

Posted 28 Dec 2010 15:00

And here is the next one...

Code:
 Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/12/2010 14:52:40
mbam-log-2010-12-28 (14-52-40).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 173035
Time elapsed: 49 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ricus68
Confirmed Visitor
Posts: 16
Joined: 19 Dec 2010 08:53
 

Re: automatic mail sending (zombie PC)

Post on 28 Dec 2010 16:24

Good, that's cool,

We are going to clean up and wait a bit (24/48 hours) to see whether your mail problem is resolved :wink:

To uninstall OTL, launch it and click on "Purge Tool"... accept the PC restart if asked.

Next, you need to create a clean restore point and delete the infected ones by purging System Restore; for this, use OneClick2RP by Laddy.
Download and tutorial here

Then...

To clean up the temporary files, which are often the source of various problems, and to clean the Windows registry, do this...

  • Download and install CCleaner by going to >> this page <<
  • Click "Download Latest Version" at the top right of the page to start the download.
  • Install it and launch it...
  • In the toolbar on the left, click "Run Cleaner" (bottom right).
  • Repeat this operation until the message "0 bytes removed" appears in the results window.
  • FYI, this cleanup can also be done transparently by pasting Ccleaner /auto into the "Run" command of the Start menu.

    Also clean your registry by clicking "Registry" in the toolbar on the left.
  • Then click "Scan for Issues" at the bottom of the window, then click "Fix selected issues".
  • Accept the registry backup that is offered and follow CCleaner's instructions.
  • FYI, you can open CCleaner directly at the "Registry" section by pasting Ccleaner /registry into the "Run" command window of the Start menu.
  • If you need it, there is a tutorial >> here <<

=====================================================================================================

Remember to update Windows:

  • The simplest method is to use "Windows Update", which is in your Start menu.

Remember to update Java:

Remember to update Acrobat Reader, if it is installed on your PC, like this:

  • Open Acrobat Reader, click "Help" and choose "Check for Updates...".

========================================================================================================
Run a defragmentation to optimise the hard disk's access times when reading:

  • To launch a defragmentation, double-click My Computer, right-click the disk to defragment, then click Properties.
  • Choose the Tools tab, then click "Defragment Now".
  • This operation should be repeated regularly (about once a month).

=====================================================================================================

A bit of reading on how to protect your browsing and your computer:

@++ :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

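The post above asks the user to wait 24/48 hours to see whether the machine stops sending mail, and to run the maintenance steps through the GUI. As an added example (not code from the thread or from the helper), the PowerShell below does the same from the shell on a Windows XP box and adds two defender-side checks: it lists any process that currently holds an outbound SMTP connection, and it confirms that the HOSTS file OTL reset contains nothing beyond the localhost mapping. It assumes Windows PowerShell 2.0 run as Administrator; the `$ccleaner` path, the restore-point description and the function names are assumptions, and the `/AUTO` switch is the one the post mentions.

```powershell
# Added example, not from the thread: post-cleanup verification and maintenance
# for a Windows XP machine that was sending mail on its own. Assumes Windows
# PowerShell 2.0 run as Administrator; $ccleaner is an assumed install path.

$ccleaner = 'C:\Program Files\CCleaner\CCleaner.exe'   # assumption: default install path

# 1. Any process still holding an outbound SMTP connection (port 25 or 587) is
#    worth a second look: a cleaned spam bot should show none. Parses the
#    text of netstat -ano, which exists on XP, so no newer cmdlets are needed.
function Get-SmtpConnections {
    netstat -ano | Where-Object { $_ -match '^\s*TCP\s' } | ForEach-Object {
        $fields = ($_ -replace '^\s+', '') -split '\s+'   # Proto Local Foreign State PID
        $remotePort = ($fields[2] -split ':')[-1]
        if ($remotePort -eq '25' -or $remotePort -eq '587') {
            $procId = [int]$fields[4]
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            $path = '(unknown)'
            if ($proc -and $proc.Path) { $path = $proc.Path }
            New-Object PSObject -Property @{
                Remote  = $fields[2]
                State   = $fields[3]
                ProcId  = $procId
                Process = $path
            }
        }
    }
}

# 2. OTL reset the HOSTS file; confirm nothing but the localhost mapping is left.
#    Returns the non-comment lines that are not the standard localhost entry.
function Get-UnexpectedHostsEntries {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

# 3. The maintenance steps from the post, run from the shell instead of the GUI:
#    clean restore point, CCleaner /AUTO, Windows Update detection, disk analysis.
function Invoke-PostCleanupMaintenance {
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
    if (Test-Path $ccleaner) { & $ccleaner /AUTO }   # /AUTO switch as described in the post
    wuauclt /detectnow                                # ask Windows Update to check now
    defrag C: -a                                      # XP syntax: -a analyses only; drop it to defragment
}

'--- Processes with SMTP connections ---'
Get-SmtpConnections | Format-Table ProcId, Process, Remote, State -AutoSize
'--- Unexpected HOSTS entries ---'
Get-UnexpectedHostsEntries
```

The SMTP check is a snapshot: a bot that sends in bursts may show nothing between runs, so repeat it a few times during the waiting period the post suggests, and treat any entry whose `Process` is a mail client you are not using at that moment as something to investigate. `Invoke-PostCleanupMaintenance` is deliberately not called automatically; run it once the checks come back empty.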