
Posted

Hello Cake, lance_yien,

The original topic is inaccessible because of the 368 KB ComboFix report, which disrupted IPB, the forum software.

Cake, I assume you have this report.

The file has been passed on to lance_yien.

I will try to reconstruct the topic below.

Problem surely linked to a virus!

12 replies

A thousand apologies!

Posted

Re,

Attempt to recover the posts from "Problem surely linked to a virus!"

I'm sorry I can't restore the nice formatting (bold, colours, etc.) that was there!

Problem surely linked to a virus!

Cake, 13 January 2011 - 22:20

Good evening everyone, I'll lay out my problem as quickly as I can.

I have an external hard drive on which I store music/series/films. During a transfer from my PC to the external drive, my brother was playing a game at the same time, which caused the PC to overheat and freeze completely. Since then the PC tends to have severe slowdowns, whether I'm browsing my folders, on the internet or in games. Also, every time I connect my external drive, an "autorun.inf" file is detected by my antivirus (Avira).

I ran a full system scan with my antivirus (positive result for 3 files, which I deleted), defragmented C:, removed unused software and programs, checked the temperature of my components, etc. But nothing helps, it is still just as slow. I'm considering formatting my PC; I don't know whether that will be effective.

I went through the tutorials pinned on the forum for "understanding why my PC is slow"; apparently nothing is wrong...

In short, could it be a virus? I need your help!

I was unable to recover Cake's posts "In the topic: Problem surely linked to a virus!" later than 13 January 2011 - 22:20 and earlier than Yesterday, 18:56

Posted

Re,

However, a small problem: I can't manage to separate the 3 messages; every time I try to post a separate reply, it gets appended to the previous one...
Here is the explanation for your remark:

The Zebulon.fr forum has an anti-flooding feature (against chains of consecutive posts), with a timer: below a certain delay, a message is merged with the previous one (if it comes from the same member).

In the topic: Problem surely linked to a virus!

Cake, Yesterday, 18:56

Right, I managed to do everything by following the instructions. However, a small problem: I can't manage to separate the 3 messages; every time I try to post a separate reply, it gets appended to the previous one...

I'm separating the 2 reports in bold; I couldn't manage it despite several re-edits, sorry!

TDSSKiller found nothing:

sanstitreob.png

Here is the OTL.txt file:

 

-------------

 

OTL logfile created on: 16/01/2011 18:37:58 - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Maxime\Mes documents\Téléchargements

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 023,00 Mb Total Physical Memory | 528,00 Mb Available Physical Memory | 52,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 233,75 Gb Total Space | 182,70 Gb Free Space | 78,16% Space Free | Partition Type: NTFS

Drive E: | 931,40 Gb Total Space | 687,64 Gb Free Space | 73,83% Space Free | Partition Type: FAT32

 

Computer Name: FAYOLLE-469C62F | User Name: Maxime | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/01/16 18:29:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxime\Mes documents\Téléchargements\OTL.exe

PRC - [2010/12/16 16:12:58 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/22 16:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe

PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/01/16 18:29:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxime\Mes documents\Téléchargements\OTL.exe

MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2010/12/16 16:12:58 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2006/05/12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - [2004/10/22 13:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)

SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/12/16 16:13:01 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/12/16 16:13:00 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/11/28 16:54:46 | 004,524,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2009/06/10 17:01:35 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2006/09/05 21:06:28 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)

DRV - [2006/09/05 19:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)

DRV - [2006/09/05 19:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/05 19:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)

DRV - [2006/09/05 19:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)

DRV - [2006/09/05 19:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)

DRV - [2006/09/05 19:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)

DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2005/09/01 06:52:50 | 000,176,640 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005/05/04 10:18:26 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/03/04 06:34:40 | 000,025,424 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteatapi.sys -- (iteatapi)

DRV - [2004/08/24 21:42:00 | 000,319,104 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)

DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Recherche Web

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 92 C9 8A 2A 4B CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..keyword.URL: "http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:17:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 15:17:55 | 000,000,000 | ---D | M]

 

[2009/02/19 17:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Extensions

[2009/02/19 17:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/01/16 12:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\extensions

[2010/04/28 10:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/18 16:42:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\extensions\battlefieldheroespatcher@ea.com

[2009/10/18 17:59:41 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\searchplugins\cherche.xml

[2010/12/01 17:22:54 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\searchplugins\conduit.xml

[2011/01/16 12:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/14 10:55:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/10 13:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/01/10 13:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2008/12/30 16:21:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/27 06:39:58 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/10/27 06:39:58 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/10/27 06:39:58 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/10/27 06:39:58 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/10/27 06:39:58 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2006/03/02 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1167497917046 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Maxime\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maxime\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/30 15:49:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4cba2057-bd1c-11df-b319-0015f2bbb20f}\Shell\AutoRun\command - "" = i8ikdjwt.exe

O33 - MountPoints2\{4cba2057-bd1c-11df-b319-0015f2bbb20f}\Shell\open\Command - "" = i8ikdjwt.exe

O33 - MountPoints2\{ab00bad6-f407-11de-b097-00179ab22f2c}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/12 15:38:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Maxime\Recent

[2011/01/12 15:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest

[2011/01/12 14:49:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Outils d'administration

[2011/01/10 15:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Steam

[2011/01/10 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

[2011/01/10 13:53:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/01/10 13:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/01/10 13:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/01/07 14:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype

[2011/01/07 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype

[2011/01/01 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Acrobat

[2011/01/01 20:56:48 | 000,000,000 | ---D | C] -- C:\Acrobat3

[2011/01/01 20:53:04 | 000,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe

[2011/01/01 20:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\3DO

[2010/12/29 19:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxime\Mes documents\TmForever

[1998/08/24 08:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Maxime\*.tmp files -> C:\Documents and Settings\Maxime\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/16 18:36:51 | 000,957,318 | ---- | M] () -- C:\Documents and Settings\Maxime\Mes documents\Sans titre.jpg

[2011/01/16 15:44:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/01/16 15:44:39 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job

[2011/01/16 12:53:08 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk

[2011/01/16 10:11:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/15 23:05:38 | 000,928,678 | ---- | M] () -- C:\Documents and Settings\Maxime\Mes documents\scan-results.bmp

[2011/01/15 17:38:09 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Maxime\Mes documents\Bonjour Cake.doc

[2011/01/15 11:11:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/01/14 19:33:33 | 000,002,194 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI

[2011/01/14 12:11:27 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_2

[2011/01/14 12:10:47 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\D2Info0

[2011/01/12 16:53:11 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_1

[2011/01/12 16:26:55 | 000,227,840 | ---- | M] () -- C:\Documents and Settings\Maxime\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/29 12:19:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/26 20:18:08 | 000,015,088 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/12/26 12:34:26 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\bl2.ini

[2010/12/24 14:47:11 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/12/24 14:46:45 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2010/12/23 22:47:16 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Maxime\*.tmp files -> C:\Documents and Settings\Maxime\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/01/16 18:36:50 | 000,957,318 | ---- | C] () -- C:\Documents and Settings\Maxime\Mes documents\Sans titre.jpg

[2011/01/15 23:05:38 | 000,928,678 | ---- | C] () -- C:\Documents and Settings\Maxime\Mes documents\scan-results.bmp

[2011/01/15 17:38:08 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Maxime\Mes documents\Bonjour Cake.doc

[2011/01/10 15:16:25 | 000,002,177 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk

[2011/01/01 20:56:49 | 000,002,194 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI

[2010/12/29 12:19:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/18 20:51:24 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\PnkBstrK.sys

[2010/09/20 17:41:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010/09/08 15:31:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId1_1

[2010/09/08 10:09:44 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\D2Info1

[2010/09/08 10:09:44 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId1_2

[2010/08/01 14:01:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/08/01 14:01:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/08/01 14:01:37 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/08/01 14:01:37 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/08/01 14:01:36 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/06/03 12:55:35 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\bl2.ini

[2009/12/15 20:28:32 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\D2Info3

[2009/12/15 20:28:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId3_5

[2009/12/04 21:47:09 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_5

[2009/12/04 20:13:18 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_4

[2009/12/04 20:06:25 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_3

[2009/12/03 18:36:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_2

[2009/12/03 18:35:42 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\D2Info0

[2009/12/03 18:35:42 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_1

[2009/08/03 12:13:17 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/02/07 15:50:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008/12/03 16:23:12 | 000,000,709 | ---- | C] () -- C:\WINDOWS\elysee.ini

[2008/11/15 11:22:54 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maxime\Local Settings\Application Data\fusioncache.dat

[2008/10/09 15:48:14 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/02/07 18:54:25 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2008/02/07 18:22:34 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll

[2008/02/07 18:22:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2007/11/29 23:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/02/13 10:06:07 | 000,227,840 | ---- | C] () -- C:\Documents and Settings\Maxime\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/01/08 00:21:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/01/07 20:03:15 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/01/06 18:56:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll

[2007/01/06 18:44:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll

[2007/01/02 10:20:56 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2006/12/30 17:36:56 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/12/30 16:33:34 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/12/30 16:13:05 | 000,019,470 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/12/30 16:13:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006/12/30 16:13:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[1999/03/11 20:07:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\CRUTL14.DLL

[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006/12/30 15:49:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2006/12/30 15:43:55 | 000,000,216 | ---- | M] () -- C:\Boot.bak

[2010/11/03 14:42:56 | 000,000,286 | RHS- | M] () -- C:\boot.ini

[2006/03/02 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004/08/03 23:00:08 | 000,263,488 | ---- | M] () -- C:\cmldr

[2009/12/27 15:33:00 | 000,018,281 | ---- | M] () -- C:\ComboFix.txt

[2006/12/30 15:49:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2006/12/30 15:49:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/01/15 17:40:29 | 000,000,127 | ---- | M] () -- C:\mbam-error.txt

[2006/12/30 15:49:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2006/03/02 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/10/05 15:07:57 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2011/01/16 10:11:42 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

[2007/01/06 18:44:42 | 000,000,090 | ---- | M] () -- C:\Setup.log

[2011/01/16 18:32:58 | 000,001,986 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_16.01.2011_18.31.14_log.txt

[2011/01/16 18:36:55 | 000,038,660 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_16.01.2011_18.34.17_log.txt

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 03:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/12/30 16:29:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006/12/30 16:29:38 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2006/12/30 16:29:38 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2010/12/16 16:13:00 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys

[2010/12/16 16:13:01 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys

[2010/11/02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys

[2010/12/24 14:47:11 | 000,139,080 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-12 19:50:22

 

< dir /a:h C:\ /c >

No captured output from command...

 

< dir /a:h E:\ /c >

No captured output from command...

 

< End of report >

 

 

 

 

 

And here is the Extras.txt file

 

--------------

 

OTL Extras logfile created on: 16/01/2011 18:37:58 - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Maxime\Mes documents\Téléchargements

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 023,00 Mb Total Physical Memory | 528,00 Mb Available Physical Memory | 52,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 233,75 Gb Total Space | 182,70 Gb Free Space | 78,16% Space Free | Partition Type: NTFS

Drive E: | 931,40 Gb Total Space | 687,64 Gb Free Space | 73,83% Space Free | Partition Type: FAT32

 

Computer Name: FAYOLLE-469C62F | User Name: Maxime | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"57267:TCP" = 57267:TCP:*:Enabled:Pando Media Booster

"57267:UDP" = 57267:UDP:*:Enabled:Pando Media Booster

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"57267:TCP" = 57267:TCP:*:Enabled:Pando Media Booster

"57267:UDP" = 57267:UDP:*:Enabled:Pando Media Booster

"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher

"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher

"6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher

"6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher

"6900:TCP" = 6900:TCP:*:Enabled:League of Legends Launcher

"6900:UDP" = 6900:UDP:*:Enabled:League of Legends Launcher

"6919:TCP" = 6919:TCP:*:Enabled:League of Legends Launcher

"6919:UDP" = 6919:UDP:*:Enabled:League of Legends Launcher

"6911:TCP" = 6911:TCP:*:Enabled:League of Legends Launcher

"6911:UDP" = 6911:UDP:*:Enabled:League of Legends Launcher

"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server

"6977:TCP" = 6977:TCP:*:Enabled:League of Legends Launcher

"6977:UDP" = 6977:UDP:*:Enabled:League of Legends Launcher

"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher

"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher

"6909:TCP" = 6909:TCP:*:Enabled:League of Legends Launcher

"6909:UDP" = 6909:UDP:*:Enabled:League of Legends Launcher

"6925:TCP" = 6925:TCP:*:Enabled:League of Legends Launcher

"6925:UDP" = 6925:UDP:*:Enabled:League of Legends Launcher

"3306:UDP" = 3306:UDP:*:Enabled:Mysql

"6886:TCP" = 6886:TCP:*:Enabled:League of Legends Launcher

"6886:UDP" = 6886:UDP:*:Enabled:League of Legends Launcher

"6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher

"6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher

"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher

"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher

"6989:TCP" = 6989:TCP:*:Enabled:League of Legends Launcher

"6989:UDP" = 6989:UDP:*:Enabled:League of Legends Launcher

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"C:\games\RedFaction\rf.exe" = C:\games\RedFaction\rf.exe:*:Enabled:Red Faction

"C:\Documents and Settings\FAYOLLE\Bureau\Jeux\Romustrike\romustrike.exe" = C:\Documents and Settings\FAYOLLE\Bureau\Jeux\Romustrike\romustrike.exe:*:Enabled:romustrike -- ()

"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC

"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0 -- (Kaspersky Lab)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Documents and Settings\Maxime\Bureau\Mes documents\Téléchut\Emule\emule.exe" = C:\Documents and Settings\Maxime\Bureau\Mes documents\Téléchut\Emule\emule.exe:*:Enabled:eMule

"C:\Program Files\Steam\SteamApps\fayollus\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\fayollus\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\Maxime\Mes documents\Téléchut\Emule\emule.exe" = C:\Documents and Settings\Maxime\Mes documents\Téléchut\Emule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Steam\SteamApps\fayollus\condition zero\hl.exe" = C:\Program Files\Steam\SteamApps\fayollus\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero

"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Program Files\League of Legends\Air\LolClient.exe" = C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"C:\Program Files\League of Legends\Game\League of Legends.exe" = C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"C:\Program Files\Steam\SteamApps\fayollus\day of defeat source\hl2.exe" = C:\Program Files\Steam\SteamApps\fayollus\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)

"C:\Program Files\Steam\SteamApps\fayollus\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\fayollus\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Steam\SteamApps\fayollus\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\fayollus\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0738B08B-7AA6-4014-A1B4-DAB4317EFF4D}" = Convers3

"{0EA44599-1E9D-4517-A088-9588A9FAB211}" = AirPlus G

"{13A5E896-B3BC-4144-AD3C-0A90D5010E77}" = MySQL Server 5.1

"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{7421E270-0140-4F62-AE39-ECB9F1C81B35}" = SAGEM Wi-Fi 11g USB adapter (Driver)

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7BA5663-08FD-41B1-8008-DD3C3752C2E5}" = Garmin City Navigator Europe NT 2010.20 Update

"{AA1AAAAA-FCDE-CCC1-2011-002018B881A4}" = FCPE BAL 2011

"{AA1B3AAA-FCDE-CCC1-2011-002018B881A4}" = FCPE BAL 2011 Mise à jour 11.00.09

"{AA1C3AAA-FCDE-CCC1-2011-002018B881A4}" = FCPE BAL 2011 Mise à jour 11.03.00

"{AA1C4AAA-FCDE-CCC1-2011-002018B881A4}" = FCPE BAL 2011 Mise à jour 11.03.01

"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.5 - Français

"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DBFFA3C5-1169-4235-85C3-1CDDB92F82FE}" = Quake Live Mozilla Plugin

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E2AA331E-E10E-438C-B1C0-24B2FFD3D9C4}" = SAGEM Wi-Fi 11g USB adapter (Driver)

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 de compatibilité descendante du client Windows Rights Management

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"7-Zip" = 7-Zip 4.57

"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Alive 3GP Video Converter_is1" = Alive 3GP Video Converter (version 1.8.2.

"ALUpdate_is1" = ALTools Update

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AviSynth" = AviSynth 2.5

"Dofus 1.28.0" = Dofus 1.28.0

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"Game Booster_is1" = Game Booster

"GeoGebra" = GeoGebra

"HijackThis" = HijackThis 2.0.2

"InstallShield_{0EA44599-1E9D-4517-A088-9588A9FAB211}" = AirPlus G

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)

"League of Legends_is1" = League of Legends

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"Natural Selection_is1" = Natural Selection 3.2

"Nero - Burning Rom!UninstallKey" = Nero OEM

"Ogg Codecs" = Ogg Codecs 0.81.15562

"PROSet" = Intel® PRO Network Connections Drivers

"PunkBusterSvc" = PunkBuster Services

"RealVNC_is1" = VNC Free Edition 4.1.2

"Steam App 10" = Counter-Strike

"Steam App 40800" = Super Meat Boy

"VLC media player" = VideoLAN VLC media player 0.8.6b

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"WinLiveSuite_Wave3" = Installation Windows Live

"YouTube Downloader App" = YouTube Downloader App 1.03

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 10/01/2011 17:54:20 | Computer Name = FAYOLLE-469C62F | Source = Application Hang | ID = 1002

Description = Application bloquée SuperMeatBoy.exe, version 0.0.0.0, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 12/01/2011 11:22:37 | Computer Name = FAYOLLE-469C62F | Source = Application Hang | ID = 1002

Description = Application bloquée firefox.exe, version 1.9.2.3989, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 14/01/2011 07:20:48 | Computer Name = FAYOLLE-469C62F | Source = Application Hang | ID = 1002

Description = Application bloquée SuperMeatBoy.exe, version 0.0.0.0, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 14/01/2011 09:44:51 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = 240: ERROR: read_msg errno 10054 (Une connexion existante a dû être

fermée par l'hôte distant.)

 

Error - 16/01/2011 05:21:26 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 16/01/2011 05:21:26 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4000

 

Error - 16/01/2011 05:21:26 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4000

 

Error - 16/01/2011 06:41:22 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 16/01/2011 06:41:22 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4799516

 

Error - 16/01/2011 06:41:22 | Computer Name = FAYOLLE-469C62F | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4799516

 

[ System Events ]

Error - 10/01/2011 17:23:27 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 10/01/2011 17:23:41 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 10/01/2011 17:23:56 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 10/01/2011 17:30:24 | Computer Name = FAYOLLE-469C62F | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Service COM de gravage de CD IMAPI.

 

Error - 10/01/2011 17:30:24 | Computer Name = FAYOLLE-469C62F | Source = Service Control Manager | ID = 7000

Description = Le service Service COM de gravage de CD IMAPI n'a pas pu démarrer

en raison de l'erreur : %%1053

 

Error - 12/01/2011 09:49:24 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 12/01/2011 09:49:24 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 12/01/2011 09:49:41 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 12/01/2011 09:49:52 | Computer Name = FAYOLLE-469C62F | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort3 n'a pas répondu dans le délai

imparti.

 

Error - 13/01/2011 05:57:37 | Computer Name = FAYOLLE-469C62F | Source = Service Control Manager | ID = 7011

Description = Délai (30000 millisecondes) d'attente pour une réponse du service

AntiVirSchedulerService à une transaction.

 

 

< End of report >

Posted

Re,

In the topic: Problem surely linked to a virus! - locked topic

lance_yien Today, 07:16

Cake, on 16 January 2011 - 18:56, said:

There, I managed to do everything by following the instructions. One small problem though: I can't manage to separate the 3 messages; every time I try to post a separate reply, it gets appended to the previous one...

I'm separating the 2 reports in bold; I couldn't do it despite several re-edits, sorry!

Sorry, I couldn't tell you why this happens or whether this kind of problem has already occurred on the forum.

 

 

Quote

TDSSKiller found nothing

It still generates a report (as stated in the instructions) containing information that may be of interest to us. Please copy/paste its contents!

I'm analysing your reports and will give you the next instructions after seeing the TDSSKiller one.

In the topic: Problem surely linked to a virus!

Cake Today, 09:22

Right! Sorry, I had misread; here is the report:

 

---------------

 

2011/01/17 09:20:06.0693 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11

2011/01/17 09:20:06.0693 ================================================================================

2011/01/17 09:20:06.0693 SystemInfo:

2011/01/17 09:20:06.0693

2011/01/17 09:20:06.0693 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/17 09:20:06.0693 Product type: Workstation

2011/01/17 09:20:06.0693 ComputerName: FAYOLLE-469C62F

2011/01/17 09:20:06.0693 UserName: Maxime

2011/01/17 09:20:06.0693 Windows directory: C:\WINDOWS

2011/01/17 09:20:06.0693 System windows directory: C:\WINDOWS

2011/01/17 09:20:06.0693 Processor architecture: Intel x86

2011/01/17 09:20:06.0693 Number of processors: 2

2011/01/17 09:20:06.0693 Page size: 0x1000

2011/01/17 09:20:06.0693 Boot type: Normal boot

2011/01/17 09:20:06.0693 ================================================================================

2011/01/17 09:20:07.0068 Initialize success

2011/01/17 09:20:10.0287 ================================================================================

2011/01/17 09:20:10.0287 Scan started

2011/01/17 09:20:10.0287 Mode: Manual;

2011/01/17 09:20:10.0287 ================================================================================

2011/01/17 09:21:15.0779 ================================================================================

2011/01/17 09:21:15.0779 Scan finished

2011/01/17 09:21:15.0779 ================================================================================

Posted

Re,

In the topic: Problem surely linked to a virus! - locked topic

lance_yien Today, 11:30

Cake, on 17 January 2011 - 09:22, said:

Right! Sorry, I had misread...

No harm done, you're not the only one who misread:

While analysing your OTL reports I saw that there are things that Malwarebytes' Anti-Malware should have removed. I went back to it and found that you had not updated it as requested in the instructions.

Go back over my previous post to scan your machine with the latest version of MBAM, and paste its report.

One more thing: OTL was not run from the Desktop as requested (important note in my 1st message); please move it!

I don't want you (and neither do you, I think) to have serious problems because of that. Unless otherwise indicated, all the utilities must be run from the Desktop.

--

Next...

Quote

 

1 023,00 Mb Total Physical Memory | 528,00 Mb Available Physical Memory | 52,00% Memory free

In my opinion it would be a good idea to add more memory (2GB or more)

Print these instructions or save them to a text file on the Desktop so you can consult them easily at any time, and download ComboFix© (by sUBs) to the Desktop from here or here

Close everything, disable antivirus/firewall/antispyware and click ComboFix.exe. Follow the instructions.

Accept the licence agreement and the installation of the Recovery Console (offered under XP if not installed).

DO NOT TOUCH the machine before it finishes (even if things seem not to be progressing).

When it's done, a report (ComboFix.txt) is displayed. It is saved automatically at the root of the system partition (usually C:\)

Post its contents.

Requested reports:

MBAM

ComboFix.txt

See you

In the topic: Problem surely linked to a virus!

Cake Today, 12:53

Well... it was worth doing the update; I hadn't paid attention to that instruction the first time around, sorry!

Oh, and one question: should I delete the items that MBAM placed in quarantine?

Here is the MBAM report (run from the desktop this time):

 

--------------

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 5537

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

17/01/2011 12:52:03

mbam-log-2011-01-17 (12-52-03).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 202268

Temps écoulé: 13 minute(s), 0 seconde(s)

 

Processus mémoire infecté(s): 2

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 6

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 428 -> Unloaded process successfully.

c:\program files\fichiers communs\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 2480 -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\FICHIERS COMMUNS\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.

c:\program files\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.

c:\program files\fichiers communs\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.

Posted

Re,

The ComboFix report corresponds to the post

In the topic: Problem surely linked to a virus!

Cake Today, 13:42

I assume that both of you have the ComboFix report... I passed it on to lance_yien.

You can continue below...

I'm going to insert lance_yien's posts...

I'd like to take this opportunity to congratulate lance_yien on the quality of his contributions: the quality of the content and the quality of the formatting, clarity, etc. of his messages! :super:
Posted (edited)

Thanks for everything, ipl_001! I was afraid I'd done all that for nothing, because it does take time, after all!

And indeed, Lance_yien is very thorough and explains things perfectly; the proof is that I, who am not very good with computers, am managing to get through it! Last year I had a malware-type virus that prevented almost any use of the PC; I found this site, and it was thanks to one of the admins that I was able to get out of it by means of long procedures explained with care! So thank you for spending part of your time helping us!

So I'll let lance_yien analyse the report, if he did receive it!

Edit: oh, and I'll take the opportunity to ask my question once again in case lance didn't see it: should I permanently delete the infected files placed in quarantine by MBAM?

Edited by Cake
Posted (edited)

Well done, ipl_001, and thanks for the kind words and everything else. No problem regarding CF.

@ Cake: Yes, you can empty MBAM's quarantine folder, even though there is no risk from its contents. Luckily OTL was there, wasn't it? :)

--

A quick reminder in case you didn't get this information:

 

1 023,00 Mb Total Physical Memory | 528,00 Mb Available Physical Memory | 52,00% Memory free

You need to add more memory (2GB or more).

--

Let's check again with OTL:

Close everything and double-click OTL.exe. Without changing anything, click the blue Analyse button and let it run.

Post the contents of the report that opens at the end of the scan.

See you

Edited by lance_yien
Posted (edited)

I need to add memory? But how? I'm not very knowledgeable about computers; I have no idea what makes the "physical memory" vary. In plain terms, what should I buy?

As for the scan, I didn't need to fill in the customisation section this time? And when you say close everything, I do have to disable firewall/anti-spyware/antivirus and not plug in my external hard drive.

If that is indeed how to proceed, here is the OTL report (run from the desktop this time):

 

--------------

 

OTL logfile created on: 17/01/2011 19:22:09 - Run 2

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Maxime\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 023,00 Mb Total Physical Memory | 722,00 Mb Available Physical Memory | 71,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 233,75 Gb Total Space | 188,39 Gb Free Space | 80,59% Space Free | Partition Type: NTFS

 

Computer Name: FAYOLLE-469C62F | User Name: Maxime | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/01/16 18:29:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxime\Bureau\OTL.exe

PRC - [2010/12/16 16:12:58 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/01/16 18:29:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxime\Bureau\OTL.exe

MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2010/12/16 16:12:58 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2006/05/12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - [2004/10/22 13:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)

SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)

DRV - [2011/01/17 10:37:48 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010/12/16 16:13:01 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/12/16 16:13:00 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/06/10 17:01:35 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2006/09/05 21:06:28 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)

DRV - [2006/09/05 19:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)

DRV - [2006/09/05 19:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/05 19:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)

DRV - [2006/09/05 19:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)

DRV - [2006/09/05 19:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)

DRV - [2006/09/05 19:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)

DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2005/09/01 06:52:50 | 000,176,640 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005/05/04 10:18:26 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/03/04 06:34:40 | 000,025,424 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteatapi.sys -- (iteatapi)

DRV - [2004/08/24 21:42:00 | 000,319,104 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)

DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Recherche Web

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 92 C9 8A 2A 4B CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..keyword.URL: "http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:17:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 15:17:55 | 000,000,000 | ---D | M]

 

[2009/02/19 17:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Extensions

[2009/02/19 17:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/01/17 13:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\extensions

[2010/04/28 10:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/18 16:42:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\extensions\battlefieldheroespatcher@ea.com

[2009/10/18 17:59:41 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\searchplugins\cherche.xml

[2010/12/01 17:22:54 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\searchplugins\conduit.xml

[2011/01/17 13:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/14 10:55:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/10 13:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/01/10 13:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2008/12/30 16:21:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/27 06:39:58 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/10/27 06:39:58 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/10/27 06:39:58 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/10/27 06:39:58 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/10/27 06:39:58 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/01/17 13:27:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167497917046 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Maxime\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maxime\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/30 15:49:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/17 13:14:24 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/01/17 12:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/01/17 12:30:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/01/17 12:29:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/01/17 12:28:44 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/01/17 10:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxime\Local Settings\Application Data\ATI

[2011/01/17 10:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxime\Application Data\ATI

[2011/01/17 10:42:07 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe

[2011/01/17 10:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2011/01/16 18:29:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maxime\Bureau\OTL.exe

[2011/01/12 15:38:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Maxime\Recent

[2011/01/12 15:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest

[2011/01/12 14:49:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Outils d'administration

[2011/01/10 15:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Steam

[2011/01/10 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

[2011/01/10 13:53:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/01/10 13:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/01/10 13:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/01/07 14:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype

[2011/01/07 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype

[2011/01/01 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Acrobat

[2011/01/01 20:56:48 | 000,000,000 | ---D | C] -- C:\Acrobat3

[2011/01/01 20:53:04 | 000,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe

[2011/01/01 20:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\3DO

[2010/12/29 19:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxime\Mes documents\TmForever

[1998/08/24 08:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Maxime\*.tmp files -> C:\Documents and Settings\Maxime\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/17 18:08:21 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_1

[2011/01/17 17:59:37 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk

[2011/01/17 17:40:07 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_2

[2011/01/17 16:42:21 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\D2Info0

[2011/01/17 13:27:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/01/17 13:14:33 | 000,000,332 | RHS- | M] () -- C:\boot.ini

[2011/01/17 13:03:12 | 004,156,550 | R--- | M] () -- C:\Documents and Settings\Maxime\Bureau\ComboFix.exe

[2011/01/17 13:00:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/01/17 12:57:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/17 12:30:03 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/01/17 10:39:45 | 002,669,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll

[2011/01/17 10:39:37 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll

[2011/01/17 10:39:07 | 000,765,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll

[2011/01/17 10:39:05 | 000,017,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll

[2011/01/17 10:39:02 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat

[2011/01/17 10:39:01 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll

[2011/01/17 10:38:54 | 000,471,040 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll

[2011/01/17 10:38:53 | 000,212,992 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll

[2011/01/17 10:38:52 | 000,057,344 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll

[2011/01/17 10:38:51 | 016,748,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll

[2011/01/17 10:38:51 | 003,984,864 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll

[2011/01/17 10:38:51 | 000,224,001 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat

[2011/01/17 10:38:51 | 000,045,056 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODCLI.exe

[2011/01/17 10:38:21 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe

[2011/01/17 10:38:21 | 000,022,305 | ---- | M] () -- C:\WINDOWS\atiogl.xml

[2011/01/17 10:38:20 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe

[2011/01/17 10:38:16 | 004,489,216 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll

[2011/01/17 10:38:14 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll

[2011/01/17 10:38:08 | 000,311,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll

[2011/01/17 10:37:57 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe

[2011/01/17 10:37:49 | 000,294,912 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODE.exe

[2011/01/17 10:37:48 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys

[2011/01/17 10:37:48 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys

[2011/01/17 10:37:38 | 000,159,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll

[2011/01/17 10:36:45 | 000,196,608 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll

[2011/01/17 10:36:38 | 000,651,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll

[2011/01/17 10:36:36 | 000,024,064 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll

[2011/01/17 10:36:29 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll

[2011/01/17 10:36:27 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat

[2011/01/17 10:36:23 | 000,121,776 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb

[2011/01/17 10:36:22 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll

[2011/01/17 10:36:22 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll

[2011/01/17 10:36:16 | 000,302,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll

[2011/01/17 10:36:10 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll

[2011/01/17 10:36:08 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL

[2011/01/17 10:36:07 | 000,539,392 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2011/01/16 22:51:00 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_3

[2011/01/16 18:36:51 | 000,957,318 | ---- | M] () -- C:\Documents and Settings\Maxime\Mes documents\Sans titre.jpg

[2011/01/16 18:29:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxime\Bureau\OTL.exe

[2011/01/15 23:05:38 | 000,928,678 | ---- | M] () -- C:\Documents and Settings\Maxime\Mes documents\scan-results.bmp

[2011/01/15 17:38:09 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Maxime\Mes documents\Bonjour Cake.doc

[2011/01/15 11:11:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/01/14 19:33:33 | 000,002,194 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI

[2011/01/12 16:26:55 | 000,227,840 | ---- | M] () -- C:\Documents and Settings\Maxime\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/29 12:19:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/26 20:18:08 | 000,015,088 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/12/26 12:34:26 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\bl2.ini

[2010/12/24 14:47:11 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/12/24 14:46:45 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2010/12/23 22:47:16 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Maxime\*.tmp files -> C:\Documents and Settings\Maxime\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/01/17 13:02:46 | 004,156,550 | R--- | C] () -- C:\Documents and Settings\Maxime\Bureau\ComboFix.exe

[2011/01/17 12:30:03 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/01/17 10:42:08 | 000,121,776 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb

[2011/01/16 18:36:50 | 000,957,318 | ---- | C] () -- C:\Documents and Settings\Maxime\Mes documents\Sans titre.jpg

[2011/01/15 23:05:38 | 000,928,678 | ---- | C] () -- C:\Documents and Settings\Maxime\Mes documents\scan-results.bmp

[2011/01/15 17:38:08 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Maxime\Mes documents\Bonjour Cake.doc

[2011/01/10 15:16:25 | 000,002,177 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk

[2011/01/01 20:56:49 | 000,002,194 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI

[2010/12/29 12:19:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/18 20:51:24 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\PnkBstrK.sys

[2010/09/20 17:41:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010/09/08 15:31:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId1_1

[2010/09/08 10:09:44 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\D2Info1

[2010/09/08 10:09:44 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId1_2

[2010/08/01 14:01:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/08/01 14:01:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/08/01 14:01:37 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/08/01 14:01:37 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/08/01 14:01:36 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/06/03 12:55:35 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\bl2.ini

[2009/12/15 20:28:32 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\D2Info3

[2009/12/15 20:28:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId3_5

[2009/12/04 21:47:09 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_5

[2009/12/04 20:13:18 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_4

[2009/12/04 20:06:25 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_3

[2009/12/03 18:36:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_2

[2009/12/03 18:35:42 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\D2Info0

[2009/12/03 18:35:42 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Maxime\Application Data\DofusAppId0_1

[2009/08/03 12:13:17 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/02/07 15:50:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008/12/03 16:23:12 | 000,000,709 | ---- | C] () -- C:\WINDOWS\elysee.ini

[2008/11/15 11:22:54 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maxime\Local Settings\Application Data\fusioncache.dat

[2008/10/09 15:48:14 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/02/07 18:54:25 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2008/02/07 18:22:34 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll

[2008/02/07 18:22:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2007/11/29 23:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/02/13 10:06:07 | 000,227,840 | ---- | C] () -- C:\Documents and Settings\Maxime\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/01/08 00:21:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/01/07 20:03:15 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/01/06 18:56:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll

[2007/01/06 18:44:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll

[2007/01/02 10:20:56 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2006/12/30 17:36:56 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/12/30 16:33:34 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/12/30 16:13:05 | 000,019,470 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/12/30 16:13:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006/12/30 16:13:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[1999/03/11 20:07:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\CRUTL14.DLL

[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

< End of report >

Edited by Cake
Posted

Hello,

 

To put it plainly, you currently have one 1 GB memory module, and if you want to improve the access time to your applications, etc., you need to add a second 1 GB module or replace the existing one with a 2 GB module. Note that this is a recommendation and that you are not obliged to do it. Also, if you do want to do it and are not familiar with this, ask someone knowledgeable or a professional.

--

 

Run OTL, copy the following list (starting with :OTL) and paste it into the box under "Personnalisation" (the : at the start and the ] at the end are very important, please check).

 

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Recherche Web

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"

FF - prefs.js..keyword.URL: "http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="

[2009/10/18 17:59:41 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\searchplugins\cherche.xml

[2010/12/01 17:22:54 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Maxime\Application Data\Mozilla\Firefox\Profiles\aei5zivu.default\searchplugins\conduit.xml

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)

[2011/01/01 20:53:04 | 000,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe

 

:Services

 

:Reg

 

:Files

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

Click the red Correction button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end, a report opens in Notepad. Copy its contents and paste them into a new reply. Close the report and OTL.

 

 

>>> ESET Online Scanner: Disable the antivirus, firewall and antispyware, then plug in and power on the removable drives (external disks, USB sticks...)

Use Internet Explorer to go HERE.

  • Click the green ESET Online Scanner button, tick the "YES, I accept the Terms of Use" box and click Start.
  • Accept the installation of the ActiveX control.
  • Tick "Scan archives" and click Start.
  • ESET will download the database and start the scan. Let it finish its scan.
  • Then click "List of found threats".
  • Click "Export to text file..." and save the results to the Desktop under the name "scan-results" so you can copy and paste them here.
  • Click eset-back.png and tick the Uninstall application on close box to remove ESET Online Scanner from the machine.

Click eset-fin.png and post the report.

 

 

Requested reports:

  • OTL
  • scan-results

Do you still have any visible problems with your machine?
