HELP! Need a review of my scan reports

Post by annabelb » 12 May 2012, 12:13

Hello,
My computer was infected and all my files have been renamed to 'locked.***.extension.***'.
I searched several forums, since a month ago I had already had the 'Office national de la gendarmerie' screen asking me for €100, which had been resolved thanks to RogueKiller. This time, though, it doesn't restore anything...
I then came to your site and followed your procedure (very well detailed, thank you) for requesting an analysis; the results and reports are below.
Many thanks in advance, because right now I'm stuck (I have no backup of my files...) and really worried.
Thanks again,
Annabel

Malwarebytes' Anti-Malware report:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.05.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
B@BOU :: BABOU [administrateur]

12/05/2012 12:50:10
mbam-log-2012-05-12 (13-06-29).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 207715
Temps écoulé: 15 minute(s), 37 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 13
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Aucune action effectuée.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Données: 1 -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Données: 1 -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup|RegistryMonitor2 (Malware.Trace) -> Données: 23669656 -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Mauvais: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\4BFE3E52C826B6908A32.exe,) Bon: (userinit.exe) -> Aucune action effectuée.

Dossier(s) détecté(s): 1
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar (Adware.Hotbar) -> Aucune action effectuée.

Fichier(s) détecté(s): 4
C:\Documents and Settings\All Users\Local Settings\Temp\msdubmn.bat (Trojan.Downloader) -> Aucune action effectuée.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Aucune action effectuée.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Aucune action effectuée.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Weather.lnk (Adware.Hotbar) -> Aucune action effectuée.

(fin)
annabelb
Posts: 3
Joined: 12 May 2012, 11:23

Re: HELP! Need a review of my scan reports

Post by annabelb » 12 May 2012, 12:15

(continued)

Here is the OTL report (in two posts)

OTL.txt

OTL logfile created on: 12/05/2012 12:10:03 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\B@BOU\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1014,36 Mb Total Physical Memory | 200,55 Mb Available Physical Memory | 19,77% Memory free
2,39 Gb Paging File | 1,79 Gb Available in Paging File | 74,78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,04 Gb Total Space | 7,90 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 8,79 Gb Free Space | 12,21% Space Free | Partition Type: NTFS

Computer Name: BABOU | User Name: B@BOU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 11:37:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B@BOU\Bureau\OTL.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/01/17 19:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/10/20 11:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/06 19:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/09/17 14:25:46 | 000,580,200 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/20 21:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/21 12:40:44 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/10/20 11:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008/09/17 14:20:08 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/04/14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/13 09:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/11 20:14:20 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2008/11/07 11:04:00 | 000,291,328 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/10/08 08:35:10 | 001,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/23 22:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/27 01:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/29 17:59:08 | 000,879,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/27 01:29:54 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/01/14 20:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2005/10/27 06:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\..\SearchScopes,DefaultScope = {9D5BD211-422C-4164-9298-BB4186A30F31}
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\..\SearchScopes\{06F605AB-2766-4ED7-A8FD-1231F7C7827E}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=fr-FR&FORM=MICWU0
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\..\SearchScopes\{C4FEFC92-A550-4CC8-8EAE-AE94C8C82A72}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2010/06/27 14:21:52 | 000,408,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14129 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\B@BOU\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\B@BOU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2612249006-1248447604-3743574829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/new ... oader5.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} https://www.virginmega.fr/DownloadManag ... ownMan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mypix.com/importer/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2235D39C-E897-44DE-BD11-2D335E45132E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\4BFE3E52C826B6908A32.exe) - C:\WINDOWS\system32\4BFE3E52C826B6908A32.exe ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\B@BOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\B@BOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{889bccfb-e071-11df-8168-001377d8eefb}\Shell - "" = AutoRun
O33 - MountPoints2\{889bccfb-e071-11df-8168-001377d8eefb}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 11:49:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/12 11:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/12 11:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/05/12 11:45:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\B@BOU\Bureau\erunt-setup.exe
[2012/05/12 11:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B@BOU\Application Data\Malwarebytes
[2012/05/12 11:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/05/12 11:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/12 11:42:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/12 11:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/12 11:41:00 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\B@BOU\Bureau\mbam-setup-1.61.0.1400.exe
[2012/05/12 11:37:19 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B@BOU\Bureau\OTL.exe
[2012/05/11 20:29:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/11 19:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B@BOU\Application Data\Fmkyypcwf
[2012/05/10 23:09:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/02 01:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B@BOU\Application Data\Skype
[2012/05/02 01:00:28 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/02 01:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2012/05/02 01:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
[2012/05/02 01:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/04/22 15:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B@BOU\Bureau\RK_Quarantine
[2012/04/22 15:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B@BOU\Application Data\gizza
[2012/04/22 15:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 12:13:27 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/12 11:47:35 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\B@BOU\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/05/12 11:47:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\NTREGOPT.lnk
[2012/05/12 11:47:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\ERUNT.lnk
[2012/05/12 11:46:44 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\erunt-loc_fr.zip
[2012/05/12 11:46:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\B@BOU\Bureau\erunt-setup.exe
[2012/05/12 11:42:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/05/12 11:41:00 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\B@BOU\Bureau\mbam-setup-1.61.0.1400.exe
[2012/05/12 11:37:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B@BOU\Bureau\OTL.exe
[2012/05/11 20:37:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/11 20:37:32 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 20:14:20 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/05/11 20:14:18 | 001,418,240 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\RogueKiller.exe
[2012/05/11 19:53:34 | 000,088,692 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-CV Marion Gaillard.pdf.oxdt
[2012/05/11 19:53:24 | 007,837,935 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-Cascada - Everytime we touch Candlelight version.mp3.myyp
[2012/05/11 19:53:24 | 002,837,789 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-Constance Chloe Mei.JPG.jfxo
[2012/05/11 19:53:24 | 002,818,911 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-Constance Chloe Mei 2.JPG.lnlz
[2012/05/11 19:53:24 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-Budget Babou.srhl
[2012/05/11 19:53:23 | 000,585,600 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-babou hamac.jpg.qfqn
[2012/05/11 19:53:23 | 000,088,388 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-babou summer 2010 (2).jpg.otoq
[2012/05/11 19:53:23 | 000,073,972 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-babou summer 2010.jpg.gpla
[2012/05/11 19:53:23 | 000,073,972 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-babou summer 2010 (3).jpg.mfkp
[2012/05/11 19:53:22 | 002,228,534 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-audacity-win-1.2.6.exe.mkmy
[2012/05/11 19:52:03 | 005,760,054 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Vaness et Babou.bmp.lvla
[2012/05/11 19:52:03 | 000,611,232 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-saadia halima.pdf.fypw
[2012/05/11 19:52:03 | 000,176,189 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-tableautarifsappels.jpg.rlhz
[2012/05/11 19:52:03 | 000,016,917 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Vacances Eyragues.cfyy
[2012/05/11 19:52:03 | 000,014,611 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Vacances Eyragues semaine 2.nrnb
[2012/05/11 19:52:03 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-UK Road Trip Budget.xqnx
[2012/05/11 19:52:01 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Ref opposition Marion.rtf.gvgu
[2012/05/11 19:51:52 | 000,979,613 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Photo de classe Nathan 2009.gif.rshi
[2012/05/11 19:51:50 | 010,728,181 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Nicolas Le Floch dans le Vieux Mans.mp4.ywyr
[2012/05/11 19:51:50 | 000,005,128 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Note de frais GS.pdf.fwml
[2012/05/11 19:51:48 | 000,510,916 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Memo.m4a.lzih
[2012/05/11 19:51:48 | 000,188,833 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Marion DéclarationFévrier2012.pdf.ggur
[2012/05/11 19:51:48 | 000,009,102 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-music to download.bzsh
[2012/05/11 19:51:46 | 004,240,025 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-IMG_0944 1.MOV.ualp
[2012/05/11 19:51:46 | 004,117,181 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-IMG_0944 2.MOV.rhir
[2012/05/11 19:51:46 | 003,040,131 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Le Tigre - Deceptacon.mp3.otxq
[2012/05/11 19:51:46 | 001,056,186 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-IMG_1325.jpg.sihs
[2012/05/11 19:51:46 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-lame_enc.dll.rgal
[2012/05/11 19:51:46 | 000,078,782 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Greys Anatomy - 8x15 - Have You Seen Me Lately .HDTV.Mouaaarrrrffffffff.fr.srt.jqxq
[2012/05/11 19:51:45 | 004,552,027 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Babou - c'est la crise!!!.MOV.lrzr
[2012/05/11 19:51:45 | 002,343,924 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-arthur.jpg.uaug
[2012/05/11 19:51:45 | 001,292,094 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-GIRLs MAP.bmp.nxft
[2012/05/11 19:51:45 | 000,366,101 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\arthur2.jpg
[2012/05/11 19:51:45 | 000,170,418 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-CONFIRMATION BILLETS.pdf.yfpk
[2012/05/11 19:51:45 | 000,163,763 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Comment preparer sa note de frais GS.pdf.cyyf
[2012/05/11 19:51:45 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-Budget Babou - Tish.wmwp
[2012/05/11 19:51:45 | 000,028,063 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-CV Marion Gaillard.pdf.egvr
[2012/05/11 19:51:45 | 000,024,780 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-EVJF Charlotte - Comptes.dnqo
[2012/05/11 19:51:45 | 000,015,595 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-bonne nuit mon amour.erpe
[2012/05/11 19:51:20 | 000,072,192 | -H-- | M] () -- C:\WINDOWS\System32\4BFE3E52C826B6908A32.exe
[2012/05/11 07:09:32 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 23:11:10 | 000,501,586 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/05/10 23:11:10 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 23:11:10 | 000,081,394 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/05/10 23:11:10 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/10 23:06:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/03 12:31:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/02 01:06:32 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\B@BOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/02 01:06:32 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Vuze.lnk
[2012/05/02 01:00:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2012/04/21 14:47:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/12 12:13:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/12 11:47:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\B@BOU\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/05/12 11:47:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\B@BOU\Bureau\NTREGOPT.lnk
[2012/05/12 11:47:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\B@BOU\Bureau\ERUNT.lnk
[2012/05/12 11:46:42 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\B@BOU\Bureau\erunt-loc_fr.zip
[2012/05/12 11:42:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/05/11 20:14:20 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/05/11 20:14:13 | 001,418,240 | ---- | C] () -- C:\Documents and Settings\B@BOU\Bureau\RogueKiller.exe
[2012/05/11 19:51:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/11 19:51:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 19:51:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 19:51:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 19:51:30 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 19:51:20 | 000,072,192 | -H-- | C] () -- C:\WINDOWS\System32\4BFE3E52C826B6908A32.exe
[2012/05/02 01:06:32 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\B@BOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/02 01:06:32 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Vuze.lnk
[2012/05/02 01:06:32 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Vuze.lnk
[2012/05/02 01:00:28 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2012/02/15 07:12:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/17 11:17:40 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2011/02/17 11:17:40 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2011/02/17 11:17:40 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2011/02/17 11:17:40 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2011/02/17 11:17:40 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2011/02/17 11:17:40 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2011/02/17 11:17:40 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2011/02/17 11:17:40 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2011/02/17 11:17:40 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2011/02/17 11:17:40 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2011/02/17 11:17:40 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2011/02/17 11:17:40 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2011/02/17 11:17:40 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2011/02/17 11:17:40 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2011/02/17 11:17:40 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2011/02/17 11:17:40 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2011/02/17 11:17:40 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI

========== LOP Check ==========

[2011/11/08 08:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/20 22:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/30 23:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2010/04/03 12:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/07 23:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/24 14:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2012/02/17 07:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\Amazon
[2012/03/05 11:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\Audacity
[2012/05/09 22:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\Azureus
[2009/05/12 16:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\FileZilla
[2012/05/11 19:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\Fmkyypcwf
[2011/07/06 06:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\FreeAudioPack
[2012/04/22 15:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\gizza
[2011/11/21 00:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\moovida-1
[2010/07/14 11:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\OfferBox
[2009/04/15 21:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B@BOU\Application Data\OpenOffice.org

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2009/12/21 03:20:50 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/21 03:20:50 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2008/04/14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2008/04/14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\dllcache\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 14:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
annabelb
Posts: 3
Joined: 12 May 2012, 11:23

Re: HELP! Need a scan report analysed

Post by annabelb » 12 May 2012, 12:17

and extras.txt:

OTL Extras logfile created on: 12/05/2012 12:10:03 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\B@BOU\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1014,36 Mb Total Physical Memory | 200,55 Mb Available Physical Memory | 19,77% Memory free
2,39 Gb Paging File | 1,79 Gb Available in Paging File | 74,78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,04 Gb Total Space | 7,90 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 8,79 Gb Free Space | 12,21% Space Free | Partition Type: NTFS

Computer Name: BABOU | User Name: B@BOU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2612249006-1248447604-3743574829-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Documents and Settings\B@BOU\Local Settings\Temp\7zSAC.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\B@BOU\Local Settings\Temp\7zSAC.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
"C:\Program Files\Fluendo\Moovida\Moovida.exe" = C:\Program Files\Fluendo\Moovida\Moovida.exe:*:Enabled:Moovida
"C:\Program Files\ShareTheMusic\app\stm-agent.exe" = C:\Program Files\ShareTheMusic\app\stm-agent.exe:*:Enabled:STM Agent
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FC65BD2-FB46-4E89-AEB9-C5CB53E4BC1F}_is1" = JkDefrag 3.36
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"FormatFactory" = FormatFactory 2.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2612249006-1248447604-3743574829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/04/2012 01:37:29 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26693547

Error - 04/04/2012 01:37:29 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26693547

Error - 04/04/2012 17:47:05 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/04/2012 17:47:06 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1968

Error - 04/04/2012 17:47:06 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1968

Error - 04/04/2012 17:47:08 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/04/2012 17:47:08 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4453

Error - 04/04/2012 17:47:08 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4453

Error - 04/04/2012 17:47:10 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/04/2012 17:47:10 | Computer Name = BABOU | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6484

[ System Events ]
Error - 11/05/2012 14:02:55 | Computer Name = BABOU | Source = Ntfs | ID = 262199
Description = La structure du système de fichiers sur le disque est endommagée et
inutilisable. Veuillez exécuter l'utilitaire chkdsk sur le volume D:.

Error - 11/05/2012 14:02:56 | Computer Name = BABOU | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 11/05/2012 14:03:06 | Computer Name = BABOU | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2

Error - 11/05/2012 14:20:27 | Computer Name = BABOU | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 11/05/2012 14:20:30 | Computer Name = BABOU | Source = Ntfs | ID = 262199
Description = La structure du système de fichiers sur le disque est endommagée et
inutilisable. Veuillez exécuter l'utilitaire chkdsk sur le volume D:.

Error - 11/05/2012 14:20:30 | Computer Name = BABOU | Source = Ntfs | ID = 262199
Description = La structure du système de fichiers sur le disque est endommagée et
inutilisable. Veuillez exécuter l'utilitaire chkdsk sur le volume D:.

Error - 11/05/2012 14:20:38 | Computer Name = BABOU | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2

Error - 11/05/2012 14:20:58 | Computer Name = BABOU | Source = Dhcp | ID = 1001
Description = Le réseau n'a attribué aucune adresse à votre ordinateur (par le serveur
DHCP)
pour la carte réseau avec l'adresse réseau 00242B9D0B3C. Il s'est produit l'erreur
suivante : %%1223. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse
auprès du serveur d'adresse réseau (DHCP).

Error - 11/05/2012 14:37:43 | Computer Name = BABOU | Source = Ntfs | ID = 262199
Description = La structure du système de fichiers sur le disque est endommagée et
inutilisable. Veuillez exécuter l'utilitaire chkdsk sur le volume D:.

Error - 11/05/2012 14:37:43 | Computer Name = BABOU | Source = Ntfs | ID = 262199
Description = La structure du système de fichiers sur le disque est endommagée et
inutilisable. Veuillez exécuter l'utilitaire chkdsk sur le volume D:.


< End of report >
annabelb
Posts: 3
Joined: 12 May 2012, 11:23

Re: HELP! Need a scan report analysed

Post by nickW » 13 May 2012, 00:17

Good evening,

Given how many programs on this PC have not been updated, the infection had no trouble getting in!
Examples:
Java(TM) 6 Update 21
Adobe Flash Player 10

The cleaning tools for this infection need an unencrypted version of one of the files that was encrypted (renamed to "locked-*****").

Do you think you can find one (a backup on an external device, for example)?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
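Added example, not from the thread or from any of the tools mentioned in it: a small Python triage script that reads OTL "Files Modified" lines like the ones posted above, lists the files renamed to `locked-<name>.<4 letters>`, flags a hidden, company-less System32 executable with a hex-string name, and checks a backup listing for the unencrypted copy nickW is asking for (a known-plaintext pair). The OTL line layout is taken from the log above; the rename pattern is inferred from the listing; the hex-name heuristic and the backup listing are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample: five "Files Modified" lines copied from the OTL log posted in
# this thread (three renamed user files, one untouched file, one hidden executable),
# embedded here so the script runs offline without the real log.
OTL_SAMPLE = r"""
[2012/05/11 19:53:23 | 000,073,972 | ---- | M] () -- C:\Documents and Settings\B@BOU\Mes documents\locked-babou summer 2010.jpg.gpla
[2012/05/11 19:52:03 | 000,611,232 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-saadia halima.pdf.fypw
[2012/05/11 19:52:03 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\locked-UK Road Trip Budget.xqnx
[2012/05/11 19:51:45 | 000,366,101 | ---- | M] () -- C:\Documents and Settings\B@BOU\Bureau\arthur2.jpg
[2012/05/11 19:51:20 | 000,072,192 | -H-- | M] () -- C:\WINDOWS\System32\4BFE3E52C826B6908A32.exe
"""

# Constructed stand-in for a listing of an external backup drive (file names only).
BACKUP_SAMPLE = ["saadia halima.pdf", "holiday 2009.jpg"]

# One OTL file line: [timestamp | size | attributes | M/C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Rename pattern seen in the thread: "locked-" prefix plus a random 4-letter suffix.
LOCKED_NAME = re.compile(r"^locked-(?P<orig>.+)\.(?P<suffix>[a-z]{4})$")
# Heuristic (assumption, not from the thread): a hidden executable whose name is a
# long hex string and that carries no company name deserves a second look.
HEX_EXE = re.compile(r"^[0-9A-F]{16,}\.exe$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int       # bytes; OTL prints it with thousands separators
    attrs: str      # e.g. "-H--" = hidden
    company: str    # empty when OTL shows "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for section headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attr"),
        company=m.group("company"),
        path=m.group("path"),
    )


def original_name(name: str) -> Optional[str]:
    """Strip the 'locked-' prefix and the random suffix; None if the name is not renamed."""
    m = LOCKED_NAME.match(name)
    return m.group("orig") if m else None


def triage(log_text: str) -> Dict[str, list]:
    """Split an OTL file listing into renamed (encrypted) files and suspicious hidden executables."""
    result: Dict[str, list] = {"encrypted": [], "hidden_hex_exe": []}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        orig = original_name(entry.name)
        if orig is not None:
            result["encrypted"].append((entry.path, orig))
        elif "H" in entry.attrs and not entry.company and HEX_EXE.match(entry.name):
            result["hidden_hex_exe"].append(entry.path)
    return result


def find_known_plaintext(encrypted: List[Tuple[str, str]],
                         backup_names: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (encrypted path, original name) pairs whose original exists in the backup listing."""
    available = {n.lower() for n in backup_names}
    return [(path, orig) for path, orig in encrypted if orig.lower() in available]


if __name__ == "__main__":
    report = triage(OTL_SAMPLE)
    print(f"{len(report['encrypted'])} renamed file(s), "
          f"{len(report['hidden_hex_exe'])} suspicious hidden executable(s)")
    for path, orig in find_known_plaintext(report["encrypted"], BACKUP_SAMPLE):
        print(f"known-plaintext candidate: {orig}  <->  {path}")
```

Run it against a full OTL.txt by passing the file contents to `triage()`; any pair it prints is exactly the kind of file a decryption tool would be given alongside its encrypted twin, and the hidden executable list is a starting point for the helper, not a verdict.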
