analysis of my laptop's report

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. …


Forum rules
Assiste.com suspended its disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware
Anti-malware disinfection

Disinfection procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard disinfection procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protect the browser, browsing and privacy

Re: analysis of my laptop's report

Post by maams » 16 Apr 2012, 22:19

Here is the OTL log.
Waiting for the next instructions, and if you can tell me how to thank you for your help.

OTL logfile created on: 16/04/2012 22:50:11 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Nadine\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1014,36 Mb Total Physical Memory | 494,02 Mb Available Physical Memory | 48,70% Memory free
2,38 Gb Paging File | 1,94 Gb Available in Paging File | 81,42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145,32 Gb Total Space | 30,01 Gb Free Space | 20,65% Space Free | Partition Type: NTFS

Computer Name: PORT_MAMS | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 12:02:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nadine\Bureau\OTL.exe
PRC - [2012/03/07 01:36:42 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/07 01:36:32 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/12/06 18:17:50 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/07 13:29:44 | 002,761,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2011/10/27 18:10:56 | 001,086,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
PRC - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/26 17:53:14 | 000,793,136 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
PRC - [2010/08/26 17:52:46 | 000,494,128 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2009/10/15 10:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/05/26 12:30:34 | 000,552,960 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2009/03/26 13:41:42 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2009/03/18 09:02:10 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/21 10:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 10:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/14 13:38:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/12/25 06:14:08 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/05/15 17:31:00 | 000,315,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 10:20:18 | 001,756,160 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041400\algo.dll
MOD - [2012/04/12 16:20:20 | 000,572,128 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041400\Sf.bin
MOD - [2012/04/11 09:01:32 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 08:59:38 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/11 08:57:27 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
MOD - [2012/04/11 08:53:38 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
MOD - [2012/04/11 08:16:27 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Nadine\Local Settings\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
MOD - [2012/03/07 01:36:42 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/17 13:31:48 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/17 13:30:19 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 12:53:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 12:34:21 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/17 12:09:27 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 10:53:16 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/17 10:47:21 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/03 01:44:00 | 000,639,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012/02/03 01:44:00 | 000,503,208 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012/02/03 01:44:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012/02/03 01:43:58 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2011/10/13 15:10:34 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/18 09:02:10 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/04/30 15:22:44 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\WLanDLL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/11 08:20:52 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/06 18:17:50 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/27 18:10:56 | 001,086,568 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/26 17:53:14 | 000,793,136 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV - [2010/08/26 17:52:46 | 000,494,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/25 13:08:56 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/03/25 13:08:56 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/03/25 13:08:56 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/03/25 13:08:56 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/03/25 13:08:56 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/03/18 09:02:10 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/21 10:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 10:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 10:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/14 13:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stop_Pending] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa0af2bn)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/26 17:53:14 | 000,039,984 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmwvusb.sys -- (vmwvusb)
DRV - [2010/02/02 13:43:56 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/10 22:05:39 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/06/10 22:05:39 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/06/10 22:05:39 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/06/10 22:05:39 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/06/10 22:05:38 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/10 22:05:37 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/05/18 22:01:53 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/05/08 03:57:24 | 005,068,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/08 03:56:34 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/05/08 03:56:10 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/10 15:46:42 | 000,091,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/03/28 05:13:44 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/01/14 22:04:51 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2008/11/06 02:08:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/08 02:06:42 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/26 19:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2002/04/12 09:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{07220D20-26F6-4F66-9C2F-3A00A6DB4FEE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=QBLH&filt=all

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = about:blank [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\searchweb\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {63CFF29A-2F2C-4B9A-BE2C-4B8E40401516}
IE - HKCU\..\SearchScopes\{63CFF29A-2F2C-4B9A-BE2C-4B8E40401516}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{79E427E2-EA6A-4EF8-9F09-6E30E0E68501}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{98B9E088-57F9-4648-B1F6-2A7288D28F37}: "URL" = http://en.wikipedia.org/w/index.php?tit ... ch&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Nadine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Recherche Google = C:\Documents and Settings\Nadine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\Nadine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Nadine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/12/25 06:14:16 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Nadine\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (TBSB02609 Class) - {C0924543-15FD-4F3D-889C-0B4562A9CB45} - C:\Program Files\searchweb\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (searchweb) - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files\searchweb\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (searchweb) - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files\searchweb\tbcore3.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 5] C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk.Bl9c98vcvv ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HOW TO DECRYPT FILES.txt ()
O4 - Startup: C:\Documents and Settings\Nadine\Menu Démarrer\Programmes\Démarrage\HOW TO DECRYPT FILES.txt ()
O4 - Startup: C:\Documents and Settings\Nadine\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk.Bl9c98vcvv ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: searchweb - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files\searchweb\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : searchweb - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files\searchweb\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} http://data.jeuxclassiques.com/npwwg.cab (ITPPDiagIE Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/67.18/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/22 10:46:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{14219709-2781-11e0-bc42-001f3af9ba8d}\Shell - "" = AutoRun
O33 - MountPoints2\{14219709-2781-11e0-bc42-001f3af9ba8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1421970d-2781-11e0-bc42-001f3af9ba8d}\Shell - "" = AutoRun
O33 - MountPoints2\{1421970d-2781-11e0-bc42-001f3af9ba8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14219710-2781-11e0-bc42-001f3af9ba8d}\Shell - "" = AutoRun
O33 - MountPoints2\{14219710-2781-11e0-bc42-001f3af9ba8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 22:42:24 | 000,248,152 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Nadine\Bureau\te94decrypt.exe
[2012/04/14 12:02:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nadine\Bureau\OTL.exe
[2012/04/14 10:03:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nadine\Recent
[2012/04/14 08:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
[2012/04/14 08:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/13 21:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nadine\Local Settings\Application Data\Sun
[2012/04/13 10:57:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/21 18:51:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenOffice.org 3.3
[2012/03/21 18:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PDFCreator
[2012/03/21 18:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nadine\Application Data\pdfforge
[2012/03/21 18:36:20 | 000,054,784 | ---- | C] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll
[2012/03/21 18:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/03/21 18:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nadine\Bureau\OpenOffice.org 3.3 (fr) Installation Files
[2012/03/21 18:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/16 22:50:02 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/16 22:41:22 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/04/16 22:41:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 22:39:29 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 22:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 22:39:16 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/16 22:33:36 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{32A93EBE-0D9C-4D32-907E-E2418263DB8B}.job
[2012/04/16 22:27:46 | 000,248,152 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Nadine\Bureau\te94decrypt.exe
[2012/04/15 20:28:20 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 12:28:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/14 12:02:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nadine\Bureau\OTL.exe
[2012/04/14 08:54:36 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Nadine\Bureau\HijackThis.lnk
[2012/04/14 08:53:48 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Nadine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 11:00:47 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk.Bl9c98vcvv
[2012/04/11 08:54:15 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk.Bl9c98vcvv
[2012/04/11 08:51:15 | 000,512,462 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/04/11 08:51:15 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 08:51:15 | 000,085,998 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/04/11 08:51:15 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/10 23:33:20 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk.Bl9c98vcvv
[2012/04/10 13:42:22 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk.Bl9c98vcvv
[2012/04/09 18:42:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/08 11:02:49 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\Nadine\Bureau\TV sur Ordinateur - neufbox TV.url
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/28 08:18:49 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/25 20:33:18 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/23 16:40:12 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Nadine\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk.Bl9c98vcvv
[2012/03/21 18:51:23 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.3.lnk.Bl9c98vcvv
[2012/03/21 18:36:56 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PDFArchitect.lnk.Bl9c98vcvv
[2012/03/21 18:36:56 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PDFCreator.lnk.Bl9c98vcvv
[2012/03/21 18:07:55 | 152,474,936 | ---- | M] () -- C:\Documents and Settings\Nadine\Bureau\OOo_3.3.0_Win_x86_install-wJRE_fr.exe
[2012/03/21 18:01:31 | 000,004,876 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/14 12:28:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/14 08:53:36 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Nadine\Bureau\HijackThis.lnk
[2012/04/11 08:20:53 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/23 16:40:09 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\Nadine\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk.Bl9c98vcvv
[2012/03/21 18:51:23 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.3.lnk.Bl9c98vcvv
[2012/03/21 18:36:56 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PDFArchitect.lnk.Bl9c98vcvv
[2012/03/21 18:36:56 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PDFCreator.lnk.Bl9c98vcvv
[2012/03/20 09:50:05 | 000,177,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/16 06:42:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 02:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/01/31 02:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/01/31 02:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/01/31 02:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/01/31 02:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/12/06 15:05:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/11/06 11:44:17 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2010/02/04 19:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/11/26 21:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/02/12 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/02/06 17:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/03/17 16:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/01/03 18:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2012/02/06 17:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/06/22 12:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/02/01 18:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/10/21 15:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/30 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/04/13 21:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\123 Free Solitaire
[2012/04/13 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Babylon
[2012/04/13 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Complitly
[2012/04/13 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Devicescape
[2011/08/05 14:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\FREEzeFrog
[2010/02/01 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\iWin
[2012/04/13 21:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Livestation
[2012/04/13 21:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Mchid
[2010/02/12 18:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Meridian93
[2012/04/13 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Neuronyx
[2010/01/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\OpenOffice.org
[2012/03/21 18:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\pdfforge
[2012/03/17 17:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Samsung
[2012/04/13 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Skip-Bo
[2012/04/13 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\smc
[2011/11/26 21:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Toolbar4
[2010/01/03 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\TreeCardGames
[2010/12/05 16:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\vShare
[2012/04/13 21:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Zylom
[2008/12/25 06:14:08 | 000,000,937 | ---- | M] () -- C:\WINDOWS\Tasks\HOW TO DECRYPT FILES.txt
[2012/04/16 22:33:36 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{32A93EBE-0D9C-4D32-907E-E2418263DB8B}.job

========== Purity Check ==========



< End of report >

Re: analysis of my laptop's report

Post by nickW » 16 Apr 2012, 22:54

Hi again,

Are the icons of some files on the Desktop pink?


Did you keep the spaces in the command exactly:

te94decrypt.exe¤-k¤85
(the ¤ character stands for a space)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs

Re: analysis of my laptop's report

Post by maams » 16 Apr 2012, 23:19

Good evening, night owl,
No, the icons are white with small drawings, like the default one you get when you want to change an icon.
But not all of them; I have a few correct icons for otl, sfr, te94decrypt...

I ran te94... again with the spaces to check (I had been careful, but just to be sure)
and it gave me zero again!

And you haven't told me how to thank you.

Maams

Re: analysis of my laptop's report

Post by nickW » 17 Apr 2012, 00:45

Hi again,

Does your Desktop look like one of those shown in these two topics:

http://forum.security-x.fr/malwares-315 ... /#msg66158

http://forum.malekal.com/trojan-w32-ran ... 37317.html

To be continued,
nickW

Re: analysis of my laptop's report

Post by maams » 17 Apr 2012, 07:38

Hello,
I re-ran a full Malwarebytes scan while I was sleeping,
and I deleted the two infected items (but that didn't change anything).

I'm attaching a file with a screenshot, because it doesn't match the ones you sent me.
(I can launch the programs, but only by going directly into the folder to start the application; it doesn't work from the desktop icons or from Start, All Programs....)

Have a good day.

Log attached.

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Version de la base de données: v2012.04.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nadine :: PORT_MAMS [administrateur]

17/04/2012 00:30:15
mbam-log-2012-04-17 (00-30-15).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 254539
Temps écoulé: 1 heure(s), 41 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Documents and Settings\Nadine\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\32\593dd620-5d3b9389 (Trojan.Zbot.Gen) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Alcohol Soft\Alcohol 52\Langs\AX_RU.dll (Malware.Packer.GenX) -> Mis en quarantaine et supprimé avec succès.

(fin)
Attachment: ecran.JPG (screenshot)

Re: analysis of my laptop's report

Post by nickW » 18 Apr 2012, 00:31

Good evening,

This is an infection, so far not very widespread in France, on which the makers of cleaning tools are working flat out.

On malekal.com, see EDIT 17 April – New variant
http://www.malekal.com/2012/04/12/troja ... documents/

I suggest the following (to try in this order, stopping as soon as nnnn files are decrypted):

1/ Re-download the Dr.Web tool, then try to decrypt the files with

te94decrypt.exe¤-k¤91
(the ¤ character stands for a space)

2/ Try to decrypt the files with the Kaspersky tool
(see malekal.com)

3/ Send files to Dr.Web to ask for help with cleaning

Method:

*- put into an archive named ransom.zip:

the file RYiGElV1ZFlQ3US.exe (in the mbam quarantine, dated 16/04/2012 22:30:56)
a HOW TO ...... text file (for example: C:\WINDOWS\Tasks\HOW TO DECRYPT FILES.txt)
an encrypted file (for example: C:\Documents and Settings\All Users\Bureau\PDFCreator.lnk.Bl9c98vcvv)

*- go to the site http://vms.drweb.fr/sendvirus/
Via Browse, select the ransom.zip archive
In the Category field, select "Requête pour nettoyage" (request for cleaning)
Enter a valid email address
In the Comment field, state that te94decrypt.exe -k 85 and te94decrypt.exe -k 91 did not work.
Click Send
Wait for their reply.

To be continued,
nickW
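A triage helper for the indicators this thread turns on (the appended .Bl9c98vcvv suffix and the HOW TO DECRYPT FILES.txt note visible in the OTL report), added here as an example and not part of the thread or of any tool mentioned in it: it parses OTL file lines and O4 startup lines, counts encrypted files and ransom notes, and gives the name each file should recover, so the same count can be re-taken on a fresh report after a decryptor run to see whether it worked. The sample lines are copied from the report above; any other infection would use different indicators.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Indicators quoted in this thread; any other infection uses different ones.
RANSOM_SUFFIX = ".Bl9c98vcvv"             # appended to every encrypted file
RANSOM_NOTE = "HOW TO DECRYPT FILES.txt"  # note dropped in Startup and Tasks

# OTL file line:  [date time | size | attrs | C/M] (Company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL startup line:  O4 - Startup: path ()
OTL_O4_RE = re.compile(r"^O4 - Startup: (?P<path>.+?) \(\)$")

@dataclass
class Finding:
    section: str   # "file" (Files sections) or "startup" (O4 lines)
    path: str
    reason: str    # "encrypted file" or "ransom note"
    size: int = 0  # bytes, only known for file lines

def classify(path):
    """Return why a path is an indicator, or None if it is clean."""
    name = path.rsplit("\\", 1)[-1]
    if name == RANSOM_NOTE:
        return "ransom note"
    if name.endswith(RANSOM_SUFFIX):
        return "encrypted file"
    return None

def original_name(path):
    """Name the file should get back once a decryptor succeeds."""
    return path[:-len(RANSOM_SUFFIX)] if path.endswith(RANSOM_SUFFIX) else path

def triage(report_lines):
    """Collect ransomware indicators from OTL report lines."""
    findings = []
    for line in report_lines:
        if m := OTL_FILE_RE.match(line):
            if reason := classify(m["path"]):
                size = int(m["size"].replace(",", ""))
                findings.append(Finding("file", m["path"], reason, size))
        elif m := OTL_O4_RE.match(line):
            if reason := classify(m["path"]):
                findings.append(Finding("startup", m["path"], reason))
    return findings

def summarize(findings):
    """Count per reason; after a decryptor run 'encrypted file' should be 0."""
    return dict(Counter(f.reason for f in findings))

# Constructed sample: lines copied from the OTL report quoted in this thread.
SAMPLE_REPORT = r"""
O4 - Startup: C:\Documents and Settings\Nadine\Menu Démarrer\Programmes\Démarrage\HOW TO DECRYPT FILES.txt ()
O4 - Startup: C:\Documents and Settings\Nadine\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk.Bl9c98vcvv ()
[2012/04/16 22:27:46 | 000,248,152 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Nadine\Bureau\te94decrypt.exe
[2012/04/13 11:00:47 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk.Bl9c98vcvv
[2012/03/21 18:36:56 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PDFCreator.lnk.Bl9c98vcvv
[2008/12/25 06:14:08 | 000,000,937 | ---- | M] () -- C:\WINDOWS\Tasks\HOW TO DECRYPT FILES.txt
[2012/04/14 08:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
""".strip().splitlines()
```

Running `summarize(triage(SAMPLE_REPORT))` on the sample gives 3 encrypted files and 2 ransom notes; on a full report, compare the encrypted-file count before and after each decryptor attempt.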

Re: analysis of my laptop's report

Post by maams » 18 Apr 2012, 20:45

Good evening,
After a lot of trouble with parameter 91, I managed to eradicate the virus; I'm still checking, but apparently it's good.
Thank you very much. :D