Help with a log request


Post by didw » 10 Dec 2009, 23:31

Good evening,
Here is the report produced by Malwarebytes.
I tried the procedure with OTL.exe, but during the download the PC tells me there is a virus, so the download cannot go through!!
I think I am badly infected.

Thanks for your help

Didw


Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3340
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/12/2009 21:55:19
mbam-log-2009-12-10 (21-55-09).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 211258
Temps écoulé: 59 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTsnvwixvapr.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTxnsdpqpajd.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTllrjqumoir.sys.vir (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059613.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059614.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059669.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059612.sys (Malware.Packer) -> No action taken.
didw
 
Posts: 8
Joined: 09 Dec 2009, 13:04

OTL file for log

Post by didw » 10 Dec 2009, 23:55

Good evening,
I managed to download OTL.exe by removing F-Secure!!! A mystery.
So here is the file:
OTL.txt

OTL logfile created on: 10/12/2009 23:48:43 - Run 1
OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Guss\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,42 Mb Total Physical Memory | 606,93 Mb Available Physical Memory | 59,36% Memory free
2,40 Gb Paging File | 2,10 Gb Available in Paging File | 87,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,41 Gb Total Space | 64,38 Gb Free Space | 55,30% Space Free | Partition Type: NTFS
Drive D: | 110,61 Gb Total Space | 40,09 Gb Free Space | 36,24% Space Free | Partition Type: NTFS
Drive E: | 5,85 Gb Total Space | 1,07 Gb Free Space | 18,28% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCDIDIOUS
Current User Name: Guss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/10 23:45:02 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guss\Bureau\OTL.exe
PRC - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 19:42:51 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/11/01 21:43:04 | 00,114,784 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005/11/01 21:43:02 | 00,258,146 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/11/01 21:42:24 | 01,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/10/28 20:55:22 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005/09/22 23:21:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/07/24 22:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2004/08/23 14:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe
PRC - [2003/04/03 04:02:00 | 00,077,841 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee Firewall\cpd.exe


========== Modules (SafeList) ==========

MOD - [2009/12/10 23:45:02 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guss\Bureau\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/09/11 19:14:23 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005/11/01 21:43:04 | 00,114,784 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/11/01 21:43:02 | 00,258,146 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/11/01 21:42:24 | 01,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/28 20:55:22 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/09/22 23:21:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/07/24 22:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/23 14:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC)
SRV - [2003/04/03 04:02:00 | 00,077,841 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee Firewall\CPD.EXE -- (McAfee Firewall)
SRV - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (F-Secure Recognizer)
DRV - File not found -- -- (F-Secure Filter)
DRV - File not found -- -- (catchme)
DRV - [2009/11/25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 19:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 19:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/22 12:24:52 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 12:24:52 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 12:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/10/19 19:34:43 | 00,019,915 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/10/17 14:52:58 | 00,826,112 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/10/04 17:37:54 | 00,072,320 | ---- | M] (C-Media Corporation) -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2005/09/22 23:21:00 | 03,524,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/18 23:35:04 | 03,856,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/14 19:58:38 | 00,241,536 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2005/06/30 12:16:00 | 01,094,848 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/05/19 15:52:58 | 00,017,792 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2003/08/04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/08/05 04:00:00 | 00,033,280 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\fw220.sys -- (McAfeePF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.fr/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.fr/

IE - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\S-1-5-21-1208811804-3374101001-118367071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (790 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Wanadoo\Watch.exe (France Télécom R&D)
O4 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1208811804-3374101001-118367071-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} http://www.photoweb.fr/telechargement/P ... loader.cab (Telechargement Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/sh ... wswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9731383765 (WUWebControl Class)
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} http://www4.photoweb.fr/telechargement/ ... loader.cab (telechargement-photoweb)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1096353671 (MUWebControl Class)
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} http://f009.mail.caramail.lycos.fr/app/ ... loader.cab (Lycos File Upload Component)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/19 20:20:43 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/10 23:44:58 | 00,537,600 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guss\Bureau\OTL.exe
[2009/12/10 22:02:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/10 20:42:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guss\Application Data\Malwarebytes
[2009/12/10 20:15:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/10 20:13:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/10 20:13:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/10 20:13:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/10 20:13:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/10 20:12:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/10 20:11:53 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/09 22:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guss\Bureau\HiJackThis
[2009/12/09 21:01:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/09 21:01:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/09 21:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/09 21:01:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/09 20:57:54 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guss\Bureau\mbam-setup1.exe
[2009/12/09 20:34:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guss\Bureau\ZHPDiag
[2009/12/08 00:19:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/07 20:35:47 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/07 20:35:46 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/07 20:35:46 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/07 20:35:45 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/07 20:35:45 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/07 20:35:45 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/07 20:35:45 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/07 20:35:45 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/07 20:35:27 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/07 20:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/25 21:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/25 21:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/01/11 07:22:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
[2007/01/08 19:44:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/08 19:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/05/14 19:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2005/11/28 22:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PGP
[2005/11/04 14:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Powercinema
[2005/10/26 23:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2005/10/19 12:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/10/19 12:53:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/10 23:45:02 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guss\Bureau\OTL.exe
[2009/12/10 23:20:45 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/10 20:36:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 20:34:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/10 20:23:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/10 20:20:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/10 20:20:56 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/10 20:20:08 | 12,058,624 | -H-- | M] () -- C:\Documents and Settings\Guss\NTUSER.DAT
[2009/12/10 20:20:08 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Guss\ntuser.ini
[2009/12/10 20:15:43 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/12/10 19:58:50 | 03,847,760 | R--- | M] () -- C:\Documents and Settings\Guss\Bureau\ComboFix1.exe
[2009/12/10 19:41:09 | 00,037,469 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/09 23:42:03 | 01,108,006 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 23:42:03 | 00,505,774 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/09 23:42:03 | 00,436,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 23:42:03 | 00,082,886 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/09 23:42:03 | 00,069,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 23:34:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 23:04:26 | 00,109,568 | ---- | M] () -- C:\Documents and Settings\Guss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 23:00:58 | 00,025,658 | ---- | M] () -- C:\Documents and Settings\Guss\Application Data\wklnhst.dat
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 22:20:25 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Guss\Bureau\HiJackThis.zip
[2009/12/09 21:01:18 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/09 20:57:54 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guss\Bureau\mbam-setup1.exe
[2009/12/09 20:51:52 | 00,162,407 | ---- | M] () -- C:\Documents and Settings\Guss\Bureau\hijackthis-2.0.2.75917.exe
[2009/12/09 20:32:55 | 00,000,380 | ---- | M] () -- C:\Documents and Settings\Guss\Bureau\Raccourci vers ZHPDiag.zip.lnk
[2009/12/09 20:31:48 | 00,000,028 | ---- | M] () -- C:\Documents and Settings\Guss\ConfigDiag.ini
[2009/12/09 20:30:01 | 01,117,495 | ---- | M] () -- C:\Documents and Settings\Guss\Bureau\ZHPDiag.zip
[2009/12/07 20:35:47 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Antivirus.lnk
[2009/12/07 20:35:45 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/04 23:12:59 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/25 00:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/15 00:42:24 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/11 09:41:45 | 00,240,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2067/05/08 15:16:46 | 00,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2009/12/10 20:15:43 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/12/10 20:15:38 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/12/10 20:13:30 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/10 20:13:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/10 20:13:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/10 20:13:30 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/10 20:13:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/10 20:11:37 | 03,847,760 | R--- | C] () -- C:\Documents and Settings\Guss\Bureau\ComboFix1.exe
[2009/12/09 22:20:23 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Guss\Bureau\HiJackThis.zip
[2009/12/09 21:01:18 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/09 20:51:51 | 00,162,407 | ---- | C] () -- C:\Documents and Settings\Guss\Bureau\hijackthis-2.0.2.75917.exe
[2009/12/09 20:32:55 | 00,000,380 | ---- | C] () -- C:\Documents and Settings\Guss\Bureau\Raccourci vers ZHPDiag.zip.lnk
[2009/12/09 20:31:48 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\Guss\ConfigDiag.ini
[2009/12/09 20:29:53 | 01,117,495 | ---- | C] () -- C:\Documents and Settings\Guss\Bureau\ZHPDiag.zip
[2009/12/07 20:35:47 | 00,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Antivirus.lnk
[2009/11/15 00:42:24 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/15 00:42:24 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/09/16 21:21:54 | 00,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2007/06/19 13:25:08 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2006/02/25 23:48:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2006/02/25 23:37:12 | 00,000,125 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/02/21 21:39:12 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2006/01/21 00:16:14 | 00,000,727 | ---- | C] () -- C:\WINDOWS\ss_slide.ini
[2005/11/29 21:50:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/11/29 21:38:14 | 00,006,346 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/29 20:14:13 | 00,025,658 | ---- | C] () -- C:\Documents and Settings\Guss\Application Data\wklnhst.dat
[2005/11/28 21:15:44 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/28 20:52:40 | 00,109,568 | ---- | C] () -- C:\Documents and Settings\Guss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/28 20:52:40 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Guss\Local Settings\Application Data\fusioncache.dat
[2005/11/04 12:59:28 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\07E9BADCB3.sys
[2005/11/03 17:05:46 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/27 00:26:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/27 00:11:27 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/10/26 23:32:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/10/26 23:07:43 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/10/19 20:45:08 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/19 20:19:28 | 00,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/19 20:19:28 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\CFE20AE075.sys
[2005/10/19 19:34:42 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll
[2005/10/19 19:34:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll
[2005/10/19 19:33:18 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/10/19 19:31:36 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/10/19 15:23:44 | 00,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2005/10/19 15:23:43 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/10/19 15:23:43 | 00,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2005/10/19 15:23:43 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2005/10/19 15:23:43 | 00,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2005/10/19 15:13:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2005/10/19 15:13:44 | 00,000,066 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI
[2005/10/18 14:01:47 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005/09/22 23:21:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/22 23:21:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/22 23:21:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/22 23:21:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/22 23:21:00 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/09/28 22:54:30 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\CNYHKey.exe:SummaryInformation
<End>
didw
 
Posts: 8
Joined: 09 Dec 2009, 13:04

Extras.txt file for log

Post by didw » 10 Dec 2009, 23:59

Good evening,
here is the Extras.txt file in a second post, as requested in the procedure.
Thank you for looking at what is wrong, because all this text is really gibberish to me.
To think that all of this is done with 1s and 0s...

Did

OTL Extras logfile created on: 10/12/2009 23:48:43 - Run 1
OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Guss\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,42 Mb Total Physical Memory | 606,93 Mb Available Physical Memory | 59,36% Memory free
2,40 Gb Paging File | 2,10 Gb Available in Paging File | 87,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,41 Gb Total Space | 64,38 Gb Free Space | 55,30% Space Free | Partition Type: NTFS
Drive D: | 110,61 Gb Total Space | 40,09 Gb Free Space | 36,24% Space Free | Partition Type: NTFS
Drive E: | 5,85 Gb Total Space | 1,07 Gb Free Space | 18,28% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCDIDIOUS
Current User Name: Guss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Documents and Settings\Guss\Mes documents\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Documents and Settings\Guss\Mes documents\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger -- File not found
"C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\e-Carte Bleue\LA POSTE\CVD VISA\ECB.exe" = C:\Program Files\e-Carte Bleue\LA POSTE\CVD VISA\ECB.exe:*:Enabled:ECB.exe -- (Orbiscom Ltd. All rights reserved.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06180048-3E21-46D6-9A91-D927BA08F41D}" = Encyclopédie Microsoft Encarta 2006
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{11B0F8D4-FD80-4800-ABA8-50D28FF769AF}" = e-Carte Bleue La Banque Postale
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D24072-C275-484B-B143-C7F45A5C2E2B}" = Samsung PC Studio
"{36D6F663-DF15-45BD-B0C6-4B909308E3B6}" = Information sur votre PC
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Visionneuse Journal Windows Microsoft
"{4471FF45-62BD-11D6-B259-00C04FF4B435}" = McAfee Firewall
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-908
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Photo 2006 Standard Edition Retouche
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Photo 2006 Standard Edition Album
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6BFF4534-7608-41F0-85F7-31A0569D8960}" = eTrust Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{911B040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{921009F2-611F-40BC-8C3C-7DBA42D8A06D}" = Mise à niveau de Works
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.7
"{D9DAF1AF-D9B7-4397-A3B6-AFA27D329DAB}" = Complément Microsoft Word pour Microsoft Works Suite
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"CANONBJ_Deinstall_CNMCP5m.DLL" = Canon i865
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"DVD Shrink_is1" = DVD Shrink 3.2
"GestionnaireInternet.exe" = Gestionnaire Internet
"HijackThis" = HijackThis 2.0.2
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MedionVFD" = Medion Info Display
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Photo 2006 Standard Edition
"Radio_Fr" = Radio Fr Solo 2.1
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archiveur
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Sélecteur d'installation de Microsoft Works 2006
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 07/12/2009 17:35:50 | Computer Name = PCDIDIOUS | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 07/12/2009 17:35:50 | Computer Name = PCDIDIOUS | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 07/12/2009 17:36:19 | Computer Name = PCDIDIOUS | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 07/12/2009 19:16:10 | Computer Name = PCDIDIOUS | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 07/12/2009 19:16:10 | Computer Name = PCDIDIOUS | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 07/12/2009 19:16:17 | Computer Name = PCDIDIOUS | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 10/12/2009 17:02:25 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 17:02:46 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 17:02:49 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 17:02:51 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 17:02:56 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 17:03:58 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 17:14:49 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 18:41:31 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 18:41:52 | Computer Name = PCDIDIOUS | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 10/12/2009 18:42:01 | Computer Name = PCDIDIOUS | Source = BackWeb Client - 7681197 | ID = 327684
Description =

[ System Events ]
Error - 10/12/2009 15:13:51 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7031
Description = Le service Service Partage réseau du Lecteur Windows Media s'est terminé
de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante
va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error - 10/12/2009 15:17:12 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7034
Description = Le service F-Secure BackWeb s'est terminé de façon inattendue pour
la 1ème fois.

Error - 10/12/2009 15:17:12 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7031
Description = Le service Service Partage réseau du Lecteur Windows Media s'est terminé
de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante
va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error - 10/12/2009 15:22:35 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 10/12/2009 15:22:35 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%10045

Error - 10/12/2009 15:22:36 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7031
Description = Le service Service Partage réseau du Lecteur Windows Media s'est terminé
de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante
va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error - 10/12/2009 15:22:37 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7034
Description = Le service F-Secure BackWeb s'est terminé de façon inattendue pour
la 1ème fois.

Error - 10/12/2009 15:28:27 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7031
Description = Le service Service Partage réseau du Lecteur Windows Media s'est terminé
de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante
va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error - 10/12/2009 15:29:11 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7031
Description = Le service Service Partage réseau du Lecteur Windows Media s'est terminé
de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante
va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error - 10/12/2009 16:58:40 | Computer Name = PCDIDIOUS | Source = Service Control Manager | ID = 7023
Description = Le service avast! Web Scanner s'est arrêté avec l'erreur : %%10050


<End>
didw
 
Posts: 8
Joined: 09 Dec 2009, 13:04

Post by nickW » 11 Dec 2009, 01:03

Good evening,

Under what circumstances did you use ComboFix?
On your own or with another forum (which one)?

Can you send the ComboFix report?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by didw » 11 Dec 2009, 08:30

Hello,
Here is the ComboFix report.
I used this application as requested by Sam on the following forum:
http://www.bleepingcomputer.com/forums/topic277614.html

I wonder whether I should stick to a single forum, because I have the impression that the different procedures are overlapping.
Thank you again for your precious help... I hope to see the end of this soon, because it is starting to wear me down....

Didw

ComboFix 09-12-09.04 - Guss 10/12/2009 20:22:43.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.598 [GMT 1:00]
Lancé depuis: c:\documents and settings\Guss\Bureau\ComboFix1.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\H8SRTllrjqumoir.sys
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTgflxewsntq.dat
c:\windows\system32\H8SRTsnvwixvapr.dll
c:\windows\system32\H8SRTxnsdpqpajd.dll
c:\windows\system32\srcr.dat
c:\windows\TEMP\IadHide3.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-10 au 2009-12-10 ))))))))))))))))))))))))))))))))))))
.

2009-12-09 20:01 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 20:01 . 2009-12-09 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 20:01 . 2009-12-09 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 20:01 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 19:35 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-07 19:35 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-07 19:35 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-07 19:35 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-07 19:35 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-07 19:35 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-07 19:35 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-07 19:35 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-07 19:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-07 19:35 . 2009-12-07 22:42 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 18:42 . 2007-11-29 21:01 -------- d-----w- c:\program files\Wanadoo
2009-12-09 22:42 . 2005-10-19 20:41 82886 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 22:42 . 2005-10-19 20:41 505774 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-09 22:00 . 2005-11-29 19:14 25658 ----a-w- c:\documents and settings\Guss\Application Data\wklnhst.dat
2009-12-07 21:33 . 2005-11-29 19:48 -------- d-----w- c:\program files\divers
2009-10-29 05:25 . 2005-10-19 20:41 671232 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2005-10-19 20:41 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2005-10-19 20:41 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 18:40 . 2005-10-19 19:40 -------- d-----w- c:\program files\Microsoft Works
2009-10-13 10:33 . 2005-10-19 20:41 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2005-10-19 20:41 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2005-10-19 20:41 150528 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 05:36 . 2005-10-19 20:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2005-11-04 12:00 . 2005-11-04 11:59 56 --sh--r- c:\windows\system32\07E9BADCB3.sys
2005-10-19 19:19 . 2005-10-19 19:19 8 --sh--r- c:\windows\system32\CFE20AE075.sys
2005-11-04 12:00 . 2005-10-19 19:19 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [X]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2005-11-04 5577216]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-11-01 139264]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2003-01-29 147456]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\e-Carte Bleue\\LA POSTE\\CVD VISA\\ECB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/12/2009 20:35 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/12/2009 20:35 20560]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [25/02/2006 23:38 47280]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [25/02/2006 23:38 37456]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [25/02/2006 23:38 15984]
R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [25/02/2006 23:38 65328]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [19/10/2005 15:13 72320]
R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys [05/08/2002 04:00 33280]
S0 rseb;rseb; [x]
S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [25/02/2006 23:38 16384]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ASWRDR
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/webhp?sourceid=nav ... r&ie=UTF-8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Pages liées - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: c:\windows\system32\CSLSP.DLL
DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} - hxxp://www.photoweb.fr/telechargement/P ... loader.cab
DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - hxxp://www4.photoweb.fr/telechargement/ ... loader.cab
DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f009.mail.caramail.lycos.fr/app/ ... loader.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - c:\program files\McAfee\McAfee Internet Security\GDSHEXT.DLL
AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
AddRemove-Guitar Pro 4.0 - c:\progra~1\GUITAR~2\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 20:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\CSLSP.DLL
.
Heure de fin: 2009-12-10 20:36:22
ComboFix-quarantined-files.txt 2009-12-10 19:36

Avant-CF: 58 983 321 600 octets libres
Après-CF: 69 065 830 400 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - 0C96D5A71DABA0A89A262E5D00F8EAD2

Post by nickW » 12 Dec 2009, 01:14

Good evening,

It is indeed far better to stay on BC (Bleeping Computer), because following the procedures of two separate forums at the same time can prove dangerous ... and it wastes time on both sides.

Cheers,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)

Post by didw » 13 Dec 2009, 21:22

Good evening
Should I take your message as a sanction!!
Am I to understand that your help stops here?
If that is the case, please note that I have appreciated your support up to now
Did

Post by nickW » 14 Dec 2009, 01:26

Good evening,

It only means that, for this problem, Buckeye_Sam is already helping you on BC, that he uses certain programs and applies certain procedures, that I do not necessarily use the same ones, and that if I ask you to carry out other steps it risks skewing the results he is expecting.

Thank you, by the way, for pointing out that you were already being looked after on another forum.

Cheers,
nickW

