

odranix
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Thank you very much for your invaluable help. I'm getting started on the recommended reading and the updates ASAP.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Hello and thanks for your help. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:11 PM, on 12/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Serveur Media\TwonkyMediaServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Serveur Media\twonkymediaserverconfig.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Serveur Media\bgtrans.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brossard Jean-Yves\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI160] C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Agent Serveur Média.lnk = C:\Program Files\Serveur Media\twonkymediaserverconfig.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211958002140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219373900531
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BGRaSvc - Unknown owner - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Serveur Média - PacketVideo - C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe

--
End of file - 9434 bytes
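A HijackThis log is easier to review once its section-coded lines are parsed and the usual review points are pulled out. The Python helper below is an added example, not code from the forum post or from HijackThis itself; the sample lines are copied from the log above except for the `[updater]` O4 line, which is constructed to show an autorun under a user-writable path. The flagged kinds are prompts for a reviewer, not verdicts: the O20 AppInit_DLLs entry in this log belongs to Google Desktop, and a service whose binary is missing is usually an uninstall leftover (BullGuard and Ad-Aware here).

```python
"""Triage helper for HijackThis-style logs (constructed example).

Every HijackThis line starts with a section code (R0, O2, O4, O23, ...)
followed by " - " and a description.  The parser turns those lines into
records; triage() then flags the entries a malware-removal helper
normally checks first:
  * O2/O3/O9/O18 objects whose file is gone ("(no file)"),
  * O23 services whose binary is missing ("(file missing)"),
  * O20 AppInit_DLLs entries (always worth a look; often legitimate),
  * O4 autoruns launched from a user-writable location.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Path fragments that mark user-writable locations (lower-cased comparison).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    section: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Return one Entry per section-coded line; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (kind, section, body) for every entry that deserves a second look."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if e.section in ("O2", "O3", "O9", "O18") and "(no file)" in low:
            findings.append(("orphaned-object", e.section, e.body))
        elif e.section == "O23" and "(file missing)" in low:
            findings.append(("missing-service-binary", e.section, e.body))
        elif e.section == "O20":
            findings.append(("appinit-dll", e.section, e.body))
        elif e.section == "O4" and any(p in low for p in USER_WRITABLE):
            findings.append(("autorun-user-writable", e.section, e.body))
    return findings


# Sample: lines taken from the log above, plus one constructed O4 entry
# ([updater]) that does not appear in the original log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: BGRaSvc - Unknown owner - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for kind, sec, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:24} {sec:4} {body}")
```

Run as a script it prints one line per finding; as a module, `triage(parse_hjt(text))` returns the list so it can feed a checklist or a ticket.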
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Hello and thanks. I did run OTC, but it rebooted with no report and OTC is no longer on the desktop. On the other hand, I ran an MBAM scan: nothing left. And a CCleaner pass over application data and the registry, but there wasn't much left there either. I also installed Microsoft Security Essentials; it doesn't look too bad. A full scan detected the H8SRT, quarantined and destroyed it. That's where I am.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
It seems to me things are getting back to normal. I took the opportunity to remove the McAfee leftovers with MCPR. What should I uninstall (ComboFix, Avenger...) and, above all, what should I install as effective, lightweight protection? The McAfee experience wasn't great. Thanks in advance.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
And the ComboFix report:

ComboFix 09-12-08.07 - Brossard Jean-Yves 12/11/2009 13:03:38.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.41.1036.18.1013.585 [GMT 1:00]
Lancé depuis: c:\documents and settings\Brossard Jean-Yves\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTmrfvdppbav.sys
c:\windows\system32\H8SRTbwuiuigrpd.dll
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTweybdqvmph.dat
c:\windows\system32\H8SRTwgmjthxmto.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-11 au 2009-12-11 ))))))))))))))))))))))))))))))))))))
.
2009-12-10 17:41 . 2009-12-10 17:44 -------- d-----w- c:\program files\ZHPDiag
2009-12-09 21:51 . 2009-12-09 22:17 -------- d-----w- c:\windows\BDOSCAN8
2009-12-09 21:02 . 2009-12-09 21:31 -------- d-----w- C:\9af9efbcc1e5a3fc01454e
2009-12-09 14:55 . 2009-12-09 15:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-09 10:49 . 2009-12-09 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-08 21:04 . 2009-12-08 21:04 -------- d-----w- C:\_OTM
2009-12-08 20:53 . 2009-12-09 08:28 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-12-08 20:53 . 2009-12-09 08:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 20:16 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 12:58 . 2001-08-23 16:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-08 12:58 . 2001-08-23 16:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-08 12:58 . 2008-04-13 10:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-08 12:58 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-17 19:08 . 2009-11-17 19:08 -------- d-----w- c:\program files\Audacity
2009-11-17 07:13 . 2005-06-06 10:29 110592 ----a-w- c:\documents and settings\Brossard Jean-Yves\Application Data\U3\temp\cleanup.exe
2009-11-17 06:52 . 2009-11-17 19:23 -------- d-----w- c:\documents and settings\Brossard Jean-Yves\Application Data\U3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 12:10 . 2009-10-04 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Serveur Média
2009-12-11 12:10 . 2009-10-04 16:13 -------- d-----w- c:\program files\Serveur Media
2009-12-09 21:33 . 2008-05-28 13:58 85798 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 21:33 . 2008-05-28 13:58 512442 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-09 15:55 . 2009-05-14 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-09 15:55 . 2009-05-14 06:27 -------- d-----w- c:\program files\McAfee
2009-12-09 08:23 . 2008-05-28 06:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 02:34 . 2009-02-09 17:42 58272 ----a-w- c:\documents and settings\Brossard Jean-Yves\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-06 18:09 . 2009-02-10 09:15 1 ----a-w- c:\documents and settings\Brossard Jean-Yves\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-22 21:45 . 2008-05-28 09:18 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-11-21 15:58 . 2008-05-28 13:55 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:44 . 2008-05-28 13:57 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2008-05-28 13:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2008-05-28 13:55 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:39 . 2008-05-28 13:57 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2008-05-28 13:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-05-28 13:57 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2008-05-28 13:57 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2008-05-28 13:57 150528 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 1028096]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-06-10 782336]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-22 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Brossard Jean-Yves\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]
Agent Serveur Média.lnk - c:\program files\Serveur Media\twonkymediaserverconfig.exe [2009-8-18 231056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Serveur Media\\twonkymediaserverwatchdog.exe"=
"c:\\Program Files\\Serveur Media\\twonkymediaserver.exe"=
"c:\\Program Files\\Serveur Media\\bgtrans.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/12/2004 4:47 AM 98304]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [6/10/2008 10:53 AM 159744]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/12/2004 3:40 AM 118784]
R2 Serveur Média;Serveur Média;c:\program files\Serveur Media\twonkymediaserverwatchdog.exe -serviceversion 0 --> c:\program files\Serveur Media\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/10/2008 11:26 AM 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [5/28/2008 7:29 AM 572416]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/8/2009 4:31 PM 203280]
S3 BGRaSvc;BGRaSvc;"c:\program files\BullGuard Software\BullGuard\support\bgrasvc.exe" --> c:\program files\BullGuard Software\BullGuard\support\bgrasvc.exe [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [7/11/2008 9:34 AM 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [7/11/2008 9:34 AM 51968]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2/10/2009 8:40 AM 99840]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://orange.fr
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Brossard Jean-Yves\Application Data\Mozilla\Firefox\Profiles\rymz3t45.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 13:10
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Serveur Media\twonkymediaserverwatchdog.exe
c:\program files\Serveur Media\TwonkyMediaServer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Serveur Media\bgtrans.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2009-12-11 13:13:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-11 12:13
Avant-CF: 25,067,339,776 octets libres
Après-CF: 25,159,839,744 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C2FD1B2AF89DDD9C36F6FFBDF8A9E3B1

Thanks for the analysis.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Hello and thanks. Here is the Avenger report:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "H8SRTd.sys" disabled successfully.
Driver "H8SRTd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Apparently a recent problem, H8SRT, for which I haven't found a removal solution. Thanks for your help.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Here is the GMER report, without the Files option and also without Devices and the IAT section.

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-10 17:39:27
Windows 5.1.2600 Service Pack 3
Running: wovvupn6.exe; Driver: C:\DOCUME~1\BROSSA~1\LOCALS~1\Temp\ugtdipog.sys

---- System - GMER 1.0.15 ----

Code 86236230 ZwEnumerateKey
Code 862363D0 ZwFlushInstructionCache
Code 861F33BE IofCallDriver
Code 86236266 IofCompleteRequest

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTmrfvdppbav.sys (*** hidden *** ) A5B81000-A5B9D000 (114688 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTmrfvdppbav.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbwuiuigrpd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTweybdqvmph.dat
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTwgmjthxmto.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbwuiuigrpd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTweybdqvmph.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTwgmjthxmto.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbwuiuigrpd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTweybdqvmph.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTwgmjthxmto.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbwuiuigrpd.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTweybdqvmph.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTwgmjthxmto.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823

---- EOF - GMER 1.0.15 ----
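The Reg lines in the GMER report above show the same hidden service registered under ControlSet001, CurrentControlSet, ControlSet003 and ControlSet004, each pointing at the same driver and the same set of companion files. The Python helper below is an added example, not part of the forum post or of GMER; it parses the hidden-module, hidden-service and Reg lines, groups the registry entries by control set and lists the companion files, which is how a helper confirms that a cleanup has to cover every control set: a Last Known Good boot selects a different control set, so persistence present in all of them survives that fallback. The sample is a constructed subset of the log above.

```python
r"""Summarise a GMER rootkit-scan log (constructed example).

GMER prints one line per finding.  For triage the interesting lines are
the hidden modules/services and the 'Reg' lines under
HKLM\SYSTEM\<ControlSet>\Services\<name>, which show where the hidden
driver is registered and which files its 'modules' subkey references.
"""
from __future__ import annotations

import re
from collections import defaultdict

HIDDEN_MODULE_RE = re.compile(r"^Module\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)")
HIDDEN_SERVICE_RE = re.compile(
    r"^Service\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)", re.IGNORECASE)
# Groups: control set, service key name, remainder of the key path (e.g. "@start"
# or "\modules@H8SRTd"), and the value printed after the key, if any.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(ControlSet\d+|CurrentControlSet)\\Services\\([^\\@\s]+)(\S*)(?:\s+(.*))?$")


def summarise(text: str) -> dict:
    """Collect hidden modules, hidden services and per-control-set service keys."""
    out = {
        "hidden_modules": [],
        "hidden_services": [],
        # services[name][control_set] -> {"start": ..., "imagepath": ..., "modules": [...]}
        "services": defaultdict(lambda: defaultdict(dict)),
    }
    for line in text.splitlines():
        line = line.strip()
        if m := HIDDEN_MODULE_RE.match(line):
            out["hidden_modules"].append(m.group(1))
        elif m := HIDDEN_SERVICE_RE.match(line):
            out["hidden_services"].append(
                {"path": m.group(1), "start": m.group(2), "name": m.group(3)})
        elif m := REG_RE.match(line):
            cs, svc, rest, value = m.groups()
            entry = out["services"][svc][cs]
            if rest.startswith("@"):                 # a value directly under the service key
                entry[rest[1:]] = value
            elif rest.startswith("\\modules@"):      # a file referenced from the modules subkey
                entry.setdefault("modules", []).append(value)
            elif rest == "":                         # the key itself, with or without a note
                entry.setdefault("present", True)
    return out


def control_sets_with(summary: dict, service: str) -> list[str]:
    """Control sets in which the service key was seen, sorted."""
    return sorted(summary["services"].get(service, {}))


def companion_files(summary: dict, service: str) -> list[str]:
    """Every file referenced from the service's modules subkey, across all control sets."""
    files = set()
    for entry in summary["services"].get(service, {}).values():
        files.update(entry.get("modules", []))
    return sorted(files)


# Constructed subset of the GMER log above (same entries, fewer lines).
SAMPLE_GMER = r"""
GMER 1.0.15.15273 - http://www.gmer.net
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTmrfvdppbav.sys (*** hidden *** ) A5B81000-A5B9D000 (114688 bytes)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\H8SRTmrfvdppbav.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbwuiuigrpd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTweybdqvmph.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmrfvdppbav.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTwgmjthxmto.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    s = summarise(SAMPLE_GMER)
    for svc in s["hidden_services"]:
        print(svc["name"], "registered in:", control_sets_with(s, svc["name"]))
        print("companion files:", *companion_files(s, svc["name"]), sep="\n  ")
```

The helper only reads the log; acting on its output (deleting the files and keys it lists) is what tools such as Avenger and ComboFix did in the other posts, and they report exactly the same file set.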
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
I just ran it. The scan proceeds normally (displaying output) for a few minutes, then crashes and reboots with a black screen. Two reboots later I finally got my desktop back... Thanks in advance.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
As it stands the PC doesn't seem to be running too badly, except that I can't install any antivirus, which remains a real problem and suggests that things are far from fixed. Thanks for your help.
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware Analysis and Removal
Normal, normally. That is the name GMER was given at install. Here is the report:

Fichier wovvupn6.exe reçu le 2009.12.09 17:56:26 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.09 -
AhnLab-V3 5.0.0.2 2009.12.09 -
AntiVir 7.9.1.102 2009.12.09 -
Antiy-AVL 2.0.3.7 2009.12.09 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.09 -
AVG 8.5.0.426 2009.12.09 -
BitDefender 7.2 2009.12.09 -
CAT-QuickHeal 10.00 2009.12.09 -
ClamAV 0.94.1 2009.12.09 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.09 -
eSafe 7.0.17.0 2009.12.09 -
eTrust-Vet 35.1.7166 2009.12.09 -
F-Prot 4.5.1.85 2009.12.08 -
F-Secure 9.0.15370.0 2009.12.07 -
Fortinet 4.0.14.0 2009.12.09 -
GData 19 2009.12.09 -
Ikarus T3.1.1.74.0 2009.12.09 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.916 2009.12.09 -
Kaspersky 7.0.0.125 2009.12.09 -
McAfee 5827 2009.12.09 -
McAfee+Artemis 5827 2009.12.09 -
McAfee-GW-Edition 6.8.5 2009.12.09 -
Microsoft 1.5302 2009.12.09 -
NOD32 4673 2009.12.09 -
Norman 6.03.02 2009.12.09 -
nProtect 2009.1.8.0 2009.12.09 -
Panda 10.0.2.2 2009.12.08 -
PCTools 7.0.3.5 2009.12.09 -
Prevx 3.0 2009.12.09 -
Rising 22.25.02.09 2009.12.09 -
Sophos 4.48.0 2009.12.09 -
Sunbelt 3.2.1858.2 2009.12.09 -
Symantec 1.4.4.12 2009.12.09 -
TheHacker 6.5.0.2.088 2009.12.07 -
TrendMicro 9.100.0.1001 2009.12.09 -
VBA32 3.12.12.0 2009.12.08 -
ViRobot 2009.12.9.2078 2009.12.09 -
VirusBuster 5.0.21.0 2009.12.08 -

Information additionnelle
File size: 292864 bytes
MD5...: f664a100002b67d08214f7293992a97d
SHA1..: 357664de477799652302c8a850203d52a2d18f8c
SHA256: 17065b13095a59b0e50f18b911132882de6dfa07cdd010c3fac981fc807913e8
ssdeep: 6144:1s6AgX7HevqRkJ8ib8gDPVy15dCbgrF1tA0ex:1n7HevKY8E8GVy/8bM1t
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xb3d70
timedatestamp.....: 0x4b1e389d (Tue Dec 08 11:29:33 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x6d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6e000 0x46000 0x46000 7.94 082f70951c1f0a94971e3f499e6ecc59
.rsrc 0xb4000 0x2000 0x1400 3.39 18c6bc57cd55bcdda988a20bccbffd82

( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 1, 0, 15, 15273
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch
packers (F-Prot): UPX
[Solved] Infected PC - Unable to reinstall an antiv
odranix replied to a topic by odranix in Malware analysis and eradication
As for using GMER, I had already tried it; this time the program launches, but then there is a complete crash and a reboot. As for OTL, the logs are attached.

OTL.TXT
OTL logfile created on: 12/9/2009 6:05:34 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Brossard Jean-Yves\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: États-Unis | Language: ENU | Date Format: M/d/yyyy
1013.23 Mb Total Physical Memory | 449.20 Mb Available Physical Memory | 44.33% Memory free
2.38 Gb Paging File | 2.07 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.87 Gb Total Space | 23.48 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 9.65 Gb Total Space | 5.10 Gb Free Space | 52.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOTOR
Current User Name: xx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========
PRC - [2009/12/09 17:58:36 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\OTL.exe
PRC - [2009/12/09 14:42:08 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/09 14:42:05 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/08/18 19:04:56 | 00,558,736 | ---- | M] () -- C:\Program Files\Serveur Media\bgtrans.exe
PRC - [2009/08/18 19:04:54 | 00,226,960 | ---- | M] (PacketVideo) -- C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe
PRC - [2009/08/18 19:04:52 | 01,083,024 | ---- | M] () -- C:\Program Files\Serveur Media\twonkymediaserver.exe
PRC - [2009/08/18 19:04:52 | 00,231,056 | ---- | M] (PacketVideo) -- C:\Program Files\Serveur Media\twonkymediaserverconfig.exe
PRC - [2009/01/09 19:58:10 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:04 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/06 17:47:14 | 00,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
PRC - [2008/09/25 08:29:20 | 00,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
PRC - [2008/09/25 04:58:58 | 00,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
PRC - [2008/08/22 06:08:33 | 01,185,280 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2008/08/22 06:08:33 | 00,776,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008/08/22 06:08:33 | 00,220,160 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/06/10 14:38:28 | 00,782,336 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/05/07 14:39:52 | 16,862,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/04/14 13:00:00 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/02/21 22:45:40 | 00,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/01/11 10:18:32 | 01,028,096 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/12/19 10:08:12 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/12/19 10:07:42 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/12/19 10:07:30 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/11/13 23:47:52 | 00,278,528 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ICON225\CardDetector.exe
PRC - [2007/01/08 21:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/06/10 16:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2004/10/12 04:47:06 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/12 03:40:38 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2003/12/04 20:44:34 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

========== Modules (SafeList) ==========
MOD - [2009/12/09 17:58:36 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\OTL.exe
MOD - [2008/04/14 13:00:00 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 13:00:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2007/10/31 16:26:02 | 00,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll

========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (MpfService)
SRV - File not found -- -- (McSysmon)
SRV - File not found -- -- (McShield)
SRV - File not found -- -- (McNASvc)
SRV - File not found -- -- (BGRaSvc)
SRV - [2009/12/09 14:42:05 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/18 19:04:54 | 00,226,960 | ---- | M] (PacketVideo) -- C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe -- (Serveur Média)
SRV - [2009/01/23 10:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/09/25 04:58:58 | 00,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/08/22 06:08:33 | 00,069,120 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008/08/22 06:08:27 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/02/21 22:45:40 | 00,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/08 21:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/12 04:47:06 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/12 03:40:38 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/05/14 12:45:04 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://orange.fr/"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/09 16:47:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/22 18:48:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/22 22:45:25 | 00,000,000 | ---D | M]

[2009/02/22 18:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brossard Jean-Yves\Application Data\Mozilla\Extensions
[2009/02/22 18:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brossard Jean-Yves\Application Data\Mozilla\Firefox\Profiles\rymz3t45.default\extensions
[2009/02/22 18:47:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/10 12:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2008/09/28 08:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 12:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 14:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 19:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [bEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI160] C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Agent Serveur Média.lnk = C:\Program Files\Serveur Media\twonkymediaserverconfig.exe (PacketVideo)
O4 - Startup: C:\Documents and Settings\Brossard Jean-Yves\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1211958002140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1219373900531 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/28 06:19:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/27 13:12:48 | 00,000,693 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{057352a6-4f24-11dd-8190-0015af9f0495}\Shell - "" = AutoRun
O33 - MountPoints2\{057352a6-4f24-11dd-8190-0015af9f0495}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{6562119e-f740-11dd-880a-0022431640c6}\Shell - "" = AutoRun
O33 - MountPoints2\{6562119e-f740-11dd-880a-0022431640c6}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{90799c46-0e3e-11de-885a-0022431640c6}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{c3e7854a-2ca6-11dd-a36e-0015afb79adb}\Shell - "" = AutoRun
O33 - MountPoints2\{c3e7854a-2ca6-11dd-a36e-0015afb79adb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========
[2009/12/09 17:58:31 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\OTL.exe
[2009/12/09 17:26:02 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\mbam-setup.exe
[2009/12/09 16:31:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Brossard Jean-Yves\Recent
[2009/12/09 16:18:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/09 15:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/09 11:50:25 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/12/09 11:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/09 11:49:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/12/09 09:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\Securité
[2009/12/08 22:20:34 | 00,425,472 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\OTM.exe
[2009/12/08 22:04:30 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/08 21:53:28 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PC Tools
[2009/12/08 21:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/08 21:16:59 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/08 20:41:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/08 19:55:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/02/11 21:29:44 | 00,002,048 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/11 17:52:04 | 00,000,184 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Application Data\Default.PLS
[2009/02/09 18:42:15 | 04,296,698 | -H-- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Local Settings\Application Data\IconCache.db
[2009/02/09 18:42:15 | 00,058,272 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/09 18:42:15 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 18:42:15 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Local Settings\Application Data\fusioncache.dat
[2009/02/09 18:42:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Application Data\desktop.ini
[2008/05/28 08:12:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 14 Days ==========
[2009/12/09 17:58:36 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\OTL.exe
[2009/12/09 17:57:42 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 17:56:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/09 17:55:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 17:55:54 | 10,625,26976 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/09 17:53:45 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\wovvupn6.exe
[2009/12/09 17:41:41 | 03,847,337 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\ComboFix.exe
[2009/12/09 17:26:02 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\mbam-setup.exe
[2009/12/09 17:26:02 | 00,000,160 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/09 16:54:42 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\NTUSER.DAT
[2009/12/09 16:54:42 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\ntuser.ini
[2009/12/09 16:54:37 | 04,296,698 | -H-- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Local Settings\Application Data\IconCache.db
[2009/12/09 16:40:03 | 00,000,539 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/09 16:31:35 | 00,007,502 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_163132.reg
[2009/12/09 15:23:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_152335.reg
[2009/12/09 15:07:48 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/12/09 12:26:57 | 00,000,176 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_122652.reg
[2009/12/09 11:49:58 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/12/09 11:32:54 | 00,007,054 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_113249.reg
[2009/12/09 09:34:24 | 00,019,502 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_093419.reg
[2009/12/09 08:53:33 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_085329.reg
[2009/12/09 08:51:30 | 00,129,346 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_085047.reg
[2009/12/09 08:30:12 | 00,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/09 03:34:59 | 00,058,272 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/08 23:15:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/08 23:15:51 | 00,000,216 | RHS- | M] () -- C:\boot.ini
[2009/12/08 22:20:36 | 00,425,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\OTM.exe
[2009/12/08 14:09:18 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2009/12/02 18:04:09 | 00,564,224 | ---- | M] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\Deck original.xls
[2009/11/27 21:23:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========
[2009/12/09 17:53:43 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\wovvupn6.exe
[2009/12/09 17:41:41 | 03,847,337 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Bureau\ComboFix.exe
[2009/12/09 16:31:34 | 00,007,502 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_163132.reg
[2009/12/09 16:04:54 | 10,625,26976 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/09 15:23:36 | 00,002,386 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_152335.reg
[2009/12/09 15:07:48 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/12/09 12:26:54 | 00,000,176 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_122652.reg
[2009/12/09 12:19:39 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/09 11:52:54 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 11:49:58 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/12/09 11:32:51 | 00,007,054 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_113249.reg
[2009/12/09 09:34:22 | 00,019,502 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_093419.reg
[2009/12/09 08:53:31 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_085329.reg
[2009/12/09 08:50:53 | 00,129,346 | ---- | C] () -- C:\Documents and Settings\Brossard Jean-Yves\Mes documents\cc_20091209_085047.reg
[2009/12/08 14:09:18 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2009/12/08 13:00:58 | 00,000,160 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2008/11/06 17:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 17:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/10 11:26:31 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008/05/28 10:11:17 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/28 09:55:37 | 00,000,988 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/28 07:03:52 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/05/28 06:23:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========
[2008/07/11 08:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/12/09 18:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Serveur Média
[2009/12/09 09:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/11 08:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/12/09 11:50:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/03/11 14:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brossard Jean-Yves\Application Data\LaCie
[2009/02/10 10:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brossard Jean-Yves\Application Data\OpenOffice.org
[2009/12/09 17:57:42 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2008/04/14 13:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 13:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\I386\IASTOR.SYS
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\OEMDRV\iaStor.sys
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 13:00:00 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Extras.Txt
OTL Extras logfile created on: 12/9/2009 6:05:34 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Brossard Jean-Yves\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: États-Unis | Language: ENU | Date Format: M/d/yyyy
1013.23 Mb Total Physical Memory | 449.20 Mb Available Physical Memory | 44.33% Memory free
2.38 Gb Paging File | 2.07 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.87 Gb Total Space | 23.48 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 9.65 Gb Total Space | 5.10 Gb Free Space | 52.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOTOR
Current User Name: xx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation) "C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation) "C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation) "C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA) "C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe" = C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe:*:Enabled:Serveur Média -- (PacketVideo) "C:\Program 
Files\Serveur Media\twonkymediaserver.exe" = C:\Program Files\Serveur Media\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- () "C:\Program Files\Serveur Media\bgtrans.exe" = C:\Program Files\Serveur Media\bgtrans.exe:*:Enabled:${BGTRANS_NAME} -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{BEWINTERNET-FR-DMGP-V2}.UninstallSuite" = Désinstallation de 
Internet Everywhere "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader "{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}" = Photosmart 140,240,7200,7600,7700,7900 Series "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA "{F3D92514-CD5D-4E96-BE88-8258EB9BF85A}" = Azurewave Wireless LAN "{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Audacity_is1" = Audacity 1.2.6 "CardDetectorHUAWEI160" = Card Detector for Huawei E160 "CardDetectorICON225" = Card Detector for Option Icon 225 "Google Desktop" = Google Desktop "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support 
Downlevel APIs "SynTPDeinstKey" = Synaptics Pointing Device Driver "TwonkyMediaServeur Média" = Serveur Média "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/9/2009 9:52:34 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 7.0.6000.16915, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00c9027f. Error - 12/9/2009 10:01:45 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 7.0.6000.16915, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x038dde52. Error - 12/9/2009 10:11:56 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00f5037f. Error - 12/9/2009 10:16:33 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant yt.dll, version 2008.7.28.1, adresse de défaillance 0x00056d54. Error - 12/9/2009 10:21:06 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant yt.dll, version 2008.7.28.1, adresse de défaillance 0x00056d54. Error - 12/9/2009 10:24:59 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant yt.dll, version 2008.7.28.1, adresse de défaillance 0x00056d54. 
Error - 12/9/2009 10:30:40 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.
Error - 12/9/2009 10:33:43 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.
Error - 12/9/2009 10:36:41 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.
Error - 12/9/2009 10:38:18 AM | Computer Name = TOTOR | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.5512, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00f5037f.
[ System Events ]
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee SiteAdvisor Service n'a pas pu démarrer en raison de l'erreur : %%1053
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Network Agent n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Personal Firewall Service n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 12:56:20 PM | Computer Name = TOTOR | Source = System Error | ID = 1003 Description = Code erreur 100000be, paramètre 1 f739104c, paramètre 2 06e9f161, paramètre 3 9dfeeb38, paramètre 4 0000000b.
Error - 12/9/2009 12:56:20 PM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service McAfee SiteAdvisor Service.
Error - 12/9/2009 12:56:20 PM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee SiteAdvisor Service n'a pas pu démarrer en raison de l'erreur : %%1053
Error - 12/9/2009 12:56:20 PM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Network Agent n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 12:56:20 PM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 12:56:20 PM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Personal Firewall Service n'a pas pu démarrer en raison de l'erreur : %%3
< End of report >
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware analysis and removal
Same problem with ComboFix. This is getting harder...
[Solved] Infected PC - Cannot reinstall antiv
odranix replied to a topic by odranix in Malware analysis and removal
No way to launch the mbam-setup file installed on the desktop. ?? I had already tried that without success...
[Solved] Hello everyone, and thanks in advance for your help. I have been struggling for just two days now with my Medion E1210, which originally ran McAfee. After an "attack" and the crash of McAfee, I am trying in vain to get back to a clean state. Among other things I have an unwanted, stubborn iexplore process, and I cannot properly install (crash at launch after a long installation) either Malwarebytes or McAfee... Gmer crashes miserably, and so on. Attached is the HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:23 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe C:\Program Files\System Control Manager\MSIService.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\System Control Manager\MGSysCtrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CardDetector\ICON225\CardDetector.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\WINDOWS\system32\ctfmon.exe 
C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Serveur Media\twonkymediaserverconfig.exe C:\Program Files\Serveur Media\TwonkyMediaServer.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\Serveur Media\bgtrans.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Brossard Jean-Yves\Mes documents\Securité\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop 
Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [CardDetectorHUAWEI160] C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe O4 - HKLM\..\Run: [bEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Agent Serveur Média.lnk = C:\Program Files\Serveur Media\twonkymediaserverconfig.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211958002140 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219373900531 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: BGRaSvc - Unknown owner - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - 
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Serveur Média - PacketVideo - C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe
-- End of file - 10095 bytes
Thanks in advance
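As an added example for readers triaging logs like the ones in this thread (editor's code, not part of the original posts and not code from HijackThis or OTL), the script below parses the O4, O20 and O23 lines of a HijackThis log and pairs each O23 service marked `(file missing)` with the Service Control Manager event 7000 entries from the OTL "System Events" extract. The sample lines are copied from the logs posted above; the event regex assumes the French event wording exactly as posted, so it is locale dependent; the Win32 code meanings (3 = ERROR_PATH_NOT_FOUND, 1053 = ERROR_SERVICE_REQUEST_TIMEOUT) are the standard ones.

```python
"""Triage of a HijackThis log against Service Control Manager errors.

Added example for this thread (editor's code, not output handling from
HijackThis or OTL). Sample lines are copied from the logs posted above.
"""
import re

# HijackThis lines copied from the log posted in the first message.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: BGRaSvc - Unknown owner - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# System event lines copied from the OTL Extras log (French locale, as posted).
EVENT_SAMPLE = r"""
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee Personal Firewall Service n'a pas pu démarrer en raison de l'erreur : %%3
Error - 12/9/2009 11:56:13 AM | Computer Name = TOTOR | Source = Service Control Manager | ID = 7000 Description = Le service McAfee SiteAdvisor Service n'a pas pu démarrer en raison de l'erreur : %%1053
"""

# Standard Win32 error codes that the SCM reports as %%<code>.
WIN32_ERROR = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Event text is locale dependent; this pattern matches the French wording posted above.
EVENT_7000_RE = re.compile(
    r"ID = 7000 Description = Le service (?P<svc>.+?) n'a pas pu démarrer.*?%%(?P<code>\d+)"
)


def display_name(o23_name):
    """HJT prints 'Display Name (ServiceName)'; the event log uses only the display name."""
    return re.sub(r"\s*\([^)]*\)$", "", o23_name)


def parse_hjt(text):
    """Collect the entries worth a second look from a HijackThis log."""
    f = {"services": {}, "missing_services": [], "appinit_dlls": [], "bare_run_entries": []}
    for line in (l.strip() for l in text.splitlines()):
        m = O23_RE.match(line)
        if m:
            name = display_name(m["name"])
            f["services"][name] = {"owner": m["owner"], "path": m["path"], "missing": bool(m["missing"])}
            if m["missing"]:
                f["missing_services"].append(name)
            continue
        m = O20_RE.match(line)
        if m:
            # Every DLL listed here is loaded into each process that loads user32.dll.
            f["appinit_dlls"].extend(d for d in re.split(r"[ ,]+", m["dlls"].strip()) if d)
            continue
        m = O4_RE.match(line)
        if m:
            # A Run value with no directory is resolved through the search path at logon.
            tokens = m["cmd"].strip().strip('"').split()
            if tokens and "\\" not in tokens[0]:
                f["bare_run_entries"].append((m["value"], " ".join(tokens)))
    return f


def parse_service_failures(text):
    """Return (display name, code, meaning) for each SCM event 7000."""
    out = []
    for line in text.splitlines():
        m = EVENT_7000_RE.search(line)
        if m:
            code = int(m["code"])
            out.append((m["svc"], code, WIN32_ERROR.get(code, "unknown")))
    return out


def correlate(hjt, failures):
    """Pair each start failure with the O23 entry of the same display name."""
    rows = []
    for svc, code, meaning in failures:
        entry = hjt["services"].get(svc)
        rows.append({
            "service": svc, "code": code, "meaning": meaning,
            "binary_missing": bool(entry and entry["missing"]),
            "path": entry["path"] if entry else None,
        })
    return rows


if __name__ == "__main__":
    hjt = parse_hjt(HJT_SAMPLE)
    for row in correlate(hjt, parse_service_failures(EVENT_SAMPLE)):
        print(f"{row['service']}: %%{row['code']} {row['meaning']}, binary missing={row['binary_missing']}")
    print("AppInit_DLLs:", hjt["appinit_dlls"])
    print("Run entries without a path:", hjt["bare_run_entries"])
```

Reading the result against the thread: the services that fail with %%3 are exactly the O23 entries whose binary is gone, which is what a half-removed McAfee looks like, not evidence of infection by itself; SiteAdvisor fails with %%1053 because its binary is present but does not answer the SCM in time. The O20 entry is flagged only because anything in AppInit_DLLs gets loaded into every GUI process, so it is always worth confirming (here the path is under the Google program folder); the bare `ALCMTR.EXE` Run value is flagged because it is resolved through the search path rather than by an absolute path.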