[Résolu] Virus Gomeo

scarves · le 22 avril 2011

pc reboot voila

All processes killed

========== OTL ==========

No active process named Amy.exe was found!

No active process named Amx.exe was found!

No active process named Amw.exe was found!

Error: Unable to stop service pvctzzze!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pvctzzze deleted successfully.

C:\WINDOWS\system32\jqzevvyv.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}\ deleted successfully.

Prefs.js: "Search" removed from browser.search.defaultenginename

Prefs.js: "http://flvtubesearch.co/websearch.php?src=tops&search="'>http://flvtubesearch.co/websearch.php?src=tops&search=" removed from browser.search.defaulturl

Prefs.js: "Search" removed from browser.search.selectedEngine

Prefs.js: "http://flvtubesearch.co/" removed from browser.startup.homepage

Prefs.js: "http://flvtubesearch.co/websearch.php?src=tops&search=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0921779-632A-3B6E-68C5-AE3DBE8219CB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0921779-632A-3B6E-68C5-AE3DBE8219CB}\ deleted successfully.

File C:\WINDOWS\system32\jqzevvyv.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6932D140-ABC4-4073-A44C-D4A541665E35} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6932D140-ABC4-4073-A44C-D4A541665E35}\ deleted successfully.

C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.

C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Zboard deleted successfully.

C:\Program Files\Ideazon\ZEngine\Zboard.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.

C:\Program Files\BitTorrent\BitTorrent.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mega Manager deleted successfully.

C:\Program Files\Megaupload\Mega Manager\MegaManager.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Megakey deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MegakeyUpdater deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.

Starting removal of ActiveX control {6932D140-ABC4-4073-A44C-D4A541665E35}

C:\WINDOWS\Downloaded Program Files\ImageShackToolbar.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6932D140-ABC4-4073-A44C-D4A541665E35}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6932D140-ABC4-4073-A44C-D4A541665E35}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6932D140-ABC4-4073-A44C-D4A541665E35}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6932D140-ABC4-4073-A44C-D4A541665E35}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.

Starting removal of ActiveX control DirectAnimation Java Classes

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.

File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

C:\WINDOWS\system32\sshnas21.dll moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Call_Of_Duty_Modern_Warfare_2_CrackRAZOR.rar moved successfully.

File move failed. C:\Documents and Settings\pitta\Mes documents\Téléchargements\Webfetti.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\jqzevvyv.dll scheduled to be moved on reboot.

C:\Program Files\ImageShackToolbar\upload folder moved successfully.

C:\Program Files\ImageShackToolbar folder moved successfully.

File\Folder C:\WINDOWS\System32\sshnas21.dll not found.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.

C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.

C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.

File\Folder C:\*.sqm not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 82400 bytes

->Temporary Internet Files folder emptied: 648213 bytes

->Flash cache emptied: 813 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 93178794 bytes

->Flash cache emptied: 11532 bytes

User: pitta

->Temp folder emptied: 6716915720 bytes

->Temporary Internet Files folder emptied: 114879564 bytes

->Java cache emptied: 10126 bytes

->FireFox cache emptied: 110261278 bytes

->Google Chrome cache emptied: 6050507 bytes

->Flash cache emptied: 264794 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1139202 bytes

%systemroot%\System32 .tmp files removed: 2933248 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 35995499 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13005534 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 55941 bytes

RecycleBin emptied: 212 bytes

Total Files Cleaned = 6 767,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

User: pitta

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_202037

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\pitta\Mes documents\Téléchargements\Webfetti.exe not found!

C:\WINDOWS\system32\jqzevvyv.dll moved successfully.

Registry entries deleted on Reboot...

edit je rajoute le lien physicalmbr

http://virusscan.jotti.org/fr/scanresult/682e8062849aef836ac1e81a8962c08f2f946318

Modifié le 22 avril 2011 par scarves

lance_yien · le 23 avril 2011

Bonjour,

Cette ligne dans ton rapport indique que ton disque dur va bientôt déborder

Drive C: | 232,88 Gb Total Space | 4,10 Gb Free Space | 1,76% Space Free | Partition Type: NTFS

Il te faut un minimum de "15% Space Free" d'espace libre et pour cela il faut absolument faire du ménage avant d'aller plus loin. D'ailleurs c'est étonnant que ta machine n'a pas planté avant et ce qui explique tes problèmes à faire l'analyse avec ESET.

Je te sugère de:

Cliquer sur "Poste de travail" puis sur "C:" et supprimer ou déplacer vers d'autres médias (DDexterne, clé USB...) tous ces fichiers/ dossiers audio, vidéo et ou compressés qui se trouvent directement dans la racine de ton disque dur comme:
-- C:\[Ayako-Nishishi]_Softenni_-_02_[720p][A48E8D59].mkv
-- C:\[Kyuubi]_Fairy_Tail_75_[720p][A05BD897].mp4
etc...
Supprimer tout ce qui est cracks et keygen car source de virus virulents et autre rootkits capable de détruire complètement une machine pour certain sans compter la perte de document personnels et vol d'identifiants et mots de passe. Il y a tout ce qu'on veut en logiciel gratuit et légitimes sur le Net, il suffit de chercher.
Désinstaller tout programme de partage réseau ( P2P) car utilisé par les pirates pour faire installer leur rogues et autres malware. Sans compter que ces réseaux utilisent ta bande passante pour améliorer la leur, ce qui peut ralentir et perturber considérablement ton système.
Vider ton dossier de téléchargement (à faire régulièrement): C:\Documents and Settings\pitta\Mes documents\Téléchargements

A lire attentivement attentivement: Le danger des P2P

Une fois que ce ménage est fait et que tu as au moins 15% d'espace libre dans ton disque (clic-droit dessus => Propriétés),

>>> Relancer OTL et sans rien changer ni ajouter, cliquer sur le bouton bleu Analyse et laisser faire.

Copier/ Coller le contenu du rapport généré.

Rapports demandés:

OTL.txt

La prochaine étape, nous utiliserons un autre utilitaire pour contrôler la désinfection à condition d'avoir suffisamment de place dans le DD pour éviter tout problème.

scarves · le 23 avril 2011

plop voila j'ai fait un peu de place

scan otl

OTL logfile created on: 23/04/2011 10:59:38 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\pitta\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 34,69 Gb Free Space | 14,90% Space Free | Partition Type: NTFS

Drive J: | 189,92 Gb Total Space | 0,89 Gb Free Space | 0,47% Space Free | Partition Type: NTFS

Computer Name: SCARVESSE | User Name: pitta | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 21:18:05 | 004,772,720 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe

PRC - [2011/04/22 18:39:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pitta\Bureau\OTL.exe

PRC - [2011/03/18 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/11/20 18:55:36 | 001,704,960 | ---- | M] (Curse) -- C:\Documents and Settings\pitta\Local Settings\Apps\2.0\96P0O3PZ.BOZ\4LNT281M.WD6\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe

PRC - [2010/06/26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2010/06/22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.exe

PRC - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010/03/15 11:58:30 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Fichiers communs\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

PRC - [2010/01/08 00:26:54 | 002,478,080 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe

PRC - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/23 15:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe

PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net'>http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe

========== Modules (SafeList) ==========

MOD - [2011/04/22 18:39:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pitta\Bureau\OTL.exe

MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (pvctzzze)

SRV - [2010/05/06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/08/17 10:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)

SRV - [2007/08/23 15:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)

SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)

SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - [2010/11/26 06:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010/11/23 13:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)

DRV - [2010/11/04 22:24:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/07/09 14:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)

DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2010/03/18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2010/03/18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/03/18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/03/18 11:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/11/19 01:24:26 | 000,095,232 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/08/18 11:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/08/05 08:16:44 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)

DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2009/06/04 13:53:04 | 000,014,080 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/08/05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/04/13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2007/07/23 11:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1)

DRV - [2007/03/20 13:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2)

DRV - [2006/12/24 06:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xPADFL02.sys -- (XPADFL02)

DRV - [2006/03/12 13:11:18 | 000,037,248 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham.sys -- (Alpham)

DRV - [2006/03/01 19:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)

DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)

DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/03/26 11:55:12 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1131Vid.sys -- (P1131VID) Creative WebCam NX Pro (WDM)

DRV - [2003/09/23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)

DRV - [2001/08/28 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001/08/28 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E BB A3 DC AF 93 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/19 10:37:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 10:38:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 10:38:04 | 000,000,000 | ---D | M]

[2010/12/01 20:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pitta\Application Data\Mozilla\Extensions

[2011/04/19 10:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pitta\Application Data\Mozilla\Firefox\Profiles\gvwd237t.default\extensions

[2010/12/01 20:28:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\pitta\Application Data\Mozilla\Firefox\Profiles\gvwd237t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/04/19 10:39:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\pitta\Application Data\Mozilla\Firefox\Profiles\gvwd237t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/02/01 02:10:17 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\pitta\Application Data\Mozilla\Firefox\Profiles\gvwd237t.default\searchplugins\Search.xml

[2011/04/19 10:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/30 05:32:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/03 02:50:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) --

[2010/12/30 05:32:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

Hosts file not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: () - {F0921779-632A-3B6E-68C5-AE3DBE8219CB} - File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKCU..\Run: [bitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PHOTOfunSTUDIO 5.1 HD Edition.lnk = C:\Program Files\Fichiers communs\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

O4 - Startup: C:\Documents and Settings\pitta\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\pitta\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\pitta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\pitta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/30 11:41:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 20:20:37 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/04/22 18:39:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pitta\Bureau\OTL.exe

[2011/04/22 15:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2011/04/22 15:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2011/04/22 11:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/04/22 11:23:44 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\pitta\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50.1_francais_215092.exe

[2011/04/22 02:14:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/04/22 02:13:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pitta\Recent

[2011/04/21 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2011/04/17 17:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8

[2011/04/14 12:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/04/11 09:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/04/11 09:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/03/31 11:08:24 | 000,000,000 | ---D | C] -- C:\Adèle - 21

========== Files - Modified Within 30 Days ==========

[2011/04/23 10:40:10 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\pitta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/23 10:25:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/22 22:46:10 | 000,011,511 | ---- | M] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_12_[1A2F25C0].mkv.2.torrent

[2011/04/22 22:41:14 | 589,652,560 | ---- | M] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_12_[1A2F25C0].mkv

[2011/04/22 21:57:47 | 000,011,511 | ---- | M] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_12_[1A2F25C0].mkv.1.torrent

[2011/04/22 21:54:29 | 674,671,911 | ---- | M] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_11_[44209DA8].mkv

[2011/04/22 21:44:46 | 366,621,842 | ---- | M] () -- C:\[Tsuki]_Naruto_Shippuuden_-_208_[1280x720][FDBB33F8].mkv

[2011/04/22 21:22:30 | 000,014,256 | ---- | M] () -- C:\[Tsuki]_Naruto_Shippuuden_-_208_[1280x720][FDBB33F8].mkv.1.torrent

[2011/04/22 21:21:04 | 000,013,131 | ---- | M] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_11_[44209DA8].mkv.1.torrent

[2011/04/22 21:18:05 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\pitta\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/04/22 21:18:05 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk

[2011/04/22 19:48:28 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI

[2011/04/22 19:35:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/22 18:39:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pitta\Bureau\OTL.exe

[2011/04/22 14:12:22 | 000,511,836 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2011/04/22 14:12:22 | 000,442,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/22 14:12:22 | 000,085,840 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2011/04/22 14:12:22 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/22 11:41:27 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\pitta\Bureau\SecurityCheck.exe

[2011/04/22 11:23:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\pitta\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50.1_francais_215092.exe

[2011/04/22 11:14:00 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\pitta\Bureau\rkill.exe

[2011/04/22 02:04:47 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18079540

[2011/04/19 10:20:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/17 17:33:55 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\pitta\Bureau\DVDVideoSoft Free Studio.lnk

[2011/04/17 17:33:44 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\pitta\Bureau\Free YouTube to MP3 Converter.lnk

[2011/04/17 17:09:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\pitta\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk

[2011/04/15 16:16:51 | 139,128,832 | ---- | M] () -- C:\[EveTaku] A-Channel - 02 (848x480 xvid mp3).avi

[2011/04/15 12:31:08 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\blln.sys

[2011/04/15 12:03:36 | 545,443,444 | ---- | M] () -- C:\[gg]_Dororon_Enma-kun_Meramera_-_02_[40804FBA].mkv

[2011/04/15 10:35:07 | 366,701,029 | ---- | M] () -- C:\[Tsuki]_Naruto_Shippuuden_-_207_[1280x720][89925B72].mkv

[2011/04/13 14:14:06 | 334,313,114 | ---- | M] () -- C:\[AE-Kaen]_Toriko_-_02_[720p][960809F4].mkv

[2011/04/13 12:26:03 | 238,893,056 | ---- | M] () -- C:\[aarinfantasy]_Otona_ni_natte_mo_Ep1_[0E1A4D52].avi

[2011/04/12 13:02:53 | 331,367,186 | ---- | M] () -- C:\[underwater-Commie] Nichijou - 02 (720p) [87E53446].mkv

[2011/04/11 15:13:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\obfn.sys

[2011/04/11 13:26:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\pitta\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/04/11 13:26:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk

[2011/04/10 19:39:30 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\pitta\Local Settings\Application Data\PUTTY.RND

[2011/04/09 09:29:43 | 475,026,792 | ---- | M] () -- C:\[gg]_Dororon_Enma-kun_Meramera_-_01_[08BB76C5].mkv

[2011/04/08 16:38:42 | 366,949,219 | ---- | M] () -- C:\[Tsuki]_Naruto_Shippuuden_-_206_[1280x720][48C6FF40].mkv

[2011/04/03 04:59:41 | 164,359,545 | ---- | M] () -- C:\[subDesu] Nana to Kaoru OVA 01 (853x480) [b0792FB6].mkv

[2011/04/02 00:43:27 | 361,053,507 | ---- | M] () -- C:\[Ayako]_Infinite_Stratos_-_IS_-_12_[H264][720p][660B00BB].mkv

[2011/04/01 04:44:37 | 366,834,653 | ---- | M] () -- C:\[Tsuki]_Naruto_Shippuuden_-_205_[1280x720][38976FF6].mkv

[2011/03/30 17:42:43 | 318,029,970 | ---- | M] () -- C:\[Ruri]Dragon Crisis 09 [720p][H264][ABFC5F29].mkv

[2011/03/30 17:28:51 | 333,373,262 | ---- | M] () -- C:\[underwater-Commie] Dragon Crisis! - 10 (720p) [24ECE819].mkv

[2011/03/30 17:14:56 | 360,504,963 | ---- | M] () -- C:\[gg]_Kimi_ni_Todoke_2nd_Season_-_11_[8A953257].mkv

[2011/03/30 17:12:38 | 340,340,233 | ---- | M] () -- C:\[gg]_Kimi_ni_Todoke_2nd_Season_-_12_[CBA94872].mkv

[2011/03/30 17:08:41 | 318,164,686 | ---- | M] () -- C:\[WhyNot] Dragon Crisis - 11 [C98F4886].mkv

[2011/03/30 16:49:40 | 329,252,693 | ---- | M] () -- C:\[underwater-Commie] Dragon Crisis! - 12 (720p) [603DD593].mkv

[2011/03/25 15:55:53 | 549,611,836 | ---- | M] () -- C:\[uTW]_Fractale_-_04_[h264-720p][bE4B9022].mkv

[2011/03/25 15:52:07 | 368,552,515 | ---- | M] () -- C:\[Ayako]_Yumekui_Merry_-_11_[720p][H264][550A7FCB].mkv

[2011/03/25 15:43:56 | 368,565,932 | ---- | M] () -- C:\[Ayako]_Yumekui_Merry_-_10_[720p][H264][0E0C5DC3].mkv

[2011/03/25 12:51:05 | 314,457,560 | ---- | M] () -- C:\[Tsuki]_Naruto_Shippuuden_-_204_[1280x720][075431C3].mkv

[2011/03/24 18:30:37 | 314,298,831 | ---- | M] () -- C:\[Tsuki]_Bleach_-_314_[1280x720][b741695C].mkv

========== Files Created - No Company Name ==========

[2011/04/22 22:46:12 | 000,011,511 | ---- | C] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_12_[1A2F25C0].mkv.2.torrent

[2011/04/22 21:58:18 | 589,652,560 | ---- | C] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_12_[1A2F25C0].mkv

[2011/04/22 21:57:48 | 000,011,511 | ---- | C] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_12_[1A2F25C0].mkv.1.torrent

[2011/04/22 21:23:01 | 366,621,842 | ---- | C] () -- C:\[Tsuki]_Naruto_Shippuuden_-_208_[1280x720][FDBB33F8].mkv

[2011/04/22 21:22:31 | 000,014,256 | ---- | C] () -- C:\[Tsuki]_Naruto_Shippuuden_-_208_[1280x720][FDBB33F8].mkv.1.torrent

[2011/04/22 21:21:21 | 674,671,911 | ---- | C] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_11_[44209DA8].mkv

[2011/04/22 21:21:06 | 000,013,131 | ---- | C] () -- C:\[gg]_Puella_Magi_Madoka_Magica_-_11_[44209DA8].mkv.1.torrent

[2011/04/22 11:41:23 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\pitta\Bureau\SecurityCheck.exe

[2011/04/22 11:13:57 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\pitta\Bureau\rkill.exe

[2011/04/22 02:04:47 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079540

[2011/04/17 17:33:44 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\pitta\Bureau\Free YouTube to MP3 Converter.lnk

[2011/04/15 16:11:55 | 139,128,832 | ---- | C] () -- C:\[EveTaku] A-Channel - 02 (848x480 xvid mp3).avi

[2011/04/15 12:31:08 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\blln.sys

[2011/04/15 10:49:18 | 545,443,444 | ---- | C] () -- C:\[gg]_Dororon_Enma-kun_Meramera_-_02_[40804FBA].mkv

[2011/04/15 10:14:55 | 366,701,029 | ---- | C] () -- C:\[Tsuki]_Naruto_Shippuuden_-_207_[1280x720][89925B72].mkv

[2011/04/13 13:58:42 | 334,313,114 | ---- | C] () -- C:\[AE-Kaen]_Toriko_-_02_[720p][960809F4].mkv

[2011/04/13 12:16:05 | 238,893,056 | ---- | C] () -- C:\[aarinfantasy]_Otona_ni_natte_mo_Ep1_[0E1A4D52].avi

[2011/04/12 12:52:01 | 331,367,186 | ---- | C] () -- C:\[underwater-Commie] Nichijou - 02 (720p) [87E53446].mkv

[2011/04/11 15:13:18 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\obfn.sys

[2011/04/11 13:26:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk

[2011/04/11 09:31:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/10 19:39:30 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\pitta\Local Settings\Application Data\PUTTY.RND

[2011/04/09 09:12:18 | 475,026,792 | ---- | C] () -- C:\[gg]_Dororon_Enma-kun_Meramera_-_01_[08BB76C5].mkv

[2011/04/08 16:10:56 | 366,949,219 | ---- | C] () -- C:\[Tsuki]_Naruto_Shippuuden_-_206_[1280x720][48C6FF40].mkv

[2011/04/03 04:53:27 | 164,359,545 | ---- | C] () -- C:\[subDesu] Nana to Kaoru OVA 01 (853x480) [b0792FB6].mkv

[2011/04/02 00:29:13 | 361,053,507 | ---- | C] () -- C:\[Ayako]_Infinite_Stratos_-_IS_-_12_[H264][720p][660B00BB].mkv

[2011/04/01 03:56:30 | 366,834,653 | ---- | C] () -- C:\[Tsuki]_Naruto_Shippuuden_-_205_[1280x720][38976FF6].mkv

[2011/03/30 16:51:09 | 333,373,262 | ---- | C] () -- C:\[underwater-Commie] Dragon Crisis! - 10 (720p) [24ECE819].mkv

[2011/03/30 14:33:13 | 318,029,970 | ---- | C] () -- C:\[Ruri]Dragon Crisis 09 [720p][H264][ABFC5F29].mkv

[2011/03/30 14:32:35 | 340,340,233 | ---- | C] () -- C:\[gg]_Kimi_ni_Todoke_2nd_Season_-_12_[CBA94872].mkv

[2011/03/30 14:32:07 | 318,164,686 | ---- | C] () -- C:\[WhyNot] Dragon Crisis - 11 [C98F4886].mkv

[2011/03/30 14:32:00 | 329,252,693 | ---- | C] () -- C:\[underwater-Commie] Dragon Crisis! - 12 (720p) [603DD593].mkv

[2011/03/30 14:31:38 | 360,504,963 | ---- | C] () -- C:\[gg]_Kimi_ni_Todoke_2nd_Season_-_11_[8A953257].mkv

[2011/03/25 15:15:01 | 549,611,836 | ---- | C] () -- C:\[uTW]_Fractale_-_04_[h264-720p][bE4B9022].mkv

[2011/03/25 15:14:11 | 368,552,515 | ---- | C] () -- C:\[Ayako]_Yumekui_Merry_-_11_[720p][H264][550A7FCB].mkv

[2011/03/25 15:13:35 | 368,565,932 | ---- | C] () -- C:\[Ayako]_Yumekui_Merry_-_10_[720p][H264][0E0C5DC3].mkv

[2011/03/25 12:26:02 | 314,457,560 | ---- | C] () -- C:\[Tsuki]_Naruto_Shippuuden_-_204_[1280x720][075431C3].mkv

[2011/03/24 18:15:31 | 314,298,831 | ---- | C] () -- C:\[Tsuki]_Bleach_-_314_[1280x720][b741695C].mkv

[2011/02/14 15:25:55 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/02/14 15:25:55 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/02/14 15:25:55 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/02/14 15:25:55 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/02/14 15:25:55 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/02/14 15:25:55 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/02/14 15:25:55 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/02/14 15:25:55 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/02/14 15:25:55 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/02/14 15:25:55 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2011/02/14 15:25:55 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/02/14 15:25:55 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/02/14 15:25:55 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/02/14 15:25:55 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/02/14 15:25:55 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/02/14 15:25:55 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2011/02/14 15:25:55 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2011/02/14 15:25:55 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/02/14 15:25:55 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/12/19 00:40:42 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys

[2010/12/01 20:26:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/11/30 11:58:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll

[2010/11/16 20:45:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/14 02:09:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/11/05 10:54:28 | 000,642,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/11/04 22:22:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2010/07/28 21:59:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/07/09 10:26:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2010/07/09 10:26:39 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2010/07/09 10:03:17 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\pitta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/09 09:56:03 | 000,028,974 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2010/07/09 09:52:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\pitta\Local Settings\Application Data\fusioncache.dat

[2010/07/09 08:04:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL

[2010/04/25 03:33:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/03/30 12:34:43 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/03/30 12:33:47 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/03/30 12:11:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2010/03/30 12:11:42 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010/03/30 12:11:42 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/03/30 12:11:42 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010/03/30 12:03:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/03/30 12:03:18 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2010/03/30 12:03:15 | 000,021,654 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/03/30 12:03:15 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/03/30 11:42:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/03/30 11:39:17 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2005/07/17 15:56:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll

[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2002/08/29 12:18:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2001/08/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/28 14:00:00 | 000,511,836 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2001/08/28 14:00:00 | 000,442,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/28 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2001/08/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/28 14:00:00 | 000,151,296 | ---- | C] () -- C:\WINDOWS\System32\zbdfrikm.dat

[2001/08/28 14:00:00 | 000,135,936 | ---- | C] () -- C:\WINDOWS\System32\tndhaudj.dat

[2001/08/28 14:00:00 | 000,085,840 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2001/08/28 14:00:00 | 000,072,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/28 14:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\kkptvebk.dat

[2001/08/28 14:00:00 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\qyfesnko.dat

[2001/08/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/28 14:00:00 | 000,039,680 | ---- | C] () -- C:\WINDOWS\System32\rescbjad.dat

[2001/08/28 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\fogxuquh.dat

[2001/08/28 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2001/08/28 14:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\bfcehnhp.dat

[2001/08/28 14:00:00 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\kyvhhcoo.dat

[2001/08/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 717 bytes -> C:\Documents and Settings\All Users\Bureau\Call of Duty: Modern Warfare 2.lnk

< End of report >

lance_yien · le 23 avril 2011

C'est beaucoup mieux :super:

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau ComboFix© (par sUBs) depuis ici ou ici

Fermer toutes les applications et fenêtres ouvertes, désactiver antivirus/ pare-feu/ antispyware et double-cliquer ComboFix.exe. Suivre les instructions.

Accepter l'Agrément de la licence et l'installation de la Console de Récupération (proposée sous XP si pas installée).

NE PAS TOUCHER la machine avant la fin (même si les choses semblent ne pas avancer).

Quand c'est fini, un rapport (ComboFix.txt) s'affiche. Il est sauvegardé, automatiquement, à la racine de la partition système (généralement C:\)

Poster son contenu.

scarves · le 23 avril 2011

:bigglasses:

rohh rapide merci en tout cas pour ta disponibilité et la rapidité des reponses :love: donc voici le log le pc à reboot quelques fois voilou

ComboFix 11-04-22.03 - pitta 23/04/2011 12:34:02.1.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3583.3142 [GMT 2:00]

Lancé depuis: c:\documents and settings\pitta\Bureau\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\pitta\Application Data\Adobe\plugs

c:\documents and settings\pitta\Application Data\Adobe\shed

c:\documents and settings\pitta\Application Data\OfferBox

c:\documents and settings\pitta\Application Data\OfferBox\config.xml

C:\readme.txt

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-03-23 au 2011-04-23 ))))))))))))))))))))))))))))))))))))

.

2011-04-22 18:20 . 2011-04-22 18:20 -------- d-----w- C:\_OTL

2011-04-22 14:15 . 2011-04-22 14:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-04-19 08:39 . 2011-04-19 08:39 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-17 15:06 . 2011-04-19 08:38 -------- dc----w- c:\windows\ie8

2011-04-15 10:31 . 2011-04-15 10:31 54016 ----a-w- c:\windows\system32\drivers\blln.sys

2011-04-14 10:08 . 2011-04-14 10:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-04-11 13:13 . 2011-04-11 13:13 54016 ----a-w- c:\windows\system32\drivers\obfn.sys

2011-04-11 11:26 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-04-11 11:26 . 2011-03-18 17:58 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-04-11 11:26 . 2011-03-18 17:58 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-04-11 11:26 . 2011-03-18 17:58 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-11 11:26 . 2011-03-18 17:58 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-04-11 11:26 . 2011-03-18 17:58 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-04-11 11:26 . 2011-03-18 17:58 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-04-11 11:26 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-04-11 07:28 . 2011-04-22 14:15 -------- d-----r- c:\documents and settings\NetworkService\Favoris

2011-03-31 09:08 . 2011-03-31 09:10 -------- d-----w- C:\Adèle - 21

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-20 14:08 . 2011-02-20 14:07 4198724 ----a-w- C:\FileZilla_3.3.4.1_win32-setup.exe

2011-02-20 13:58 . 2011-02-20 13:58 623418 ----a-w- C:\BlackBoxFTP.by.ps3gunz.zip

2011-02-17 12:26 . 2011-02-17 12:13 391079393 ----a-w- C:\Archive_zazeur.zip

2011-02-09 13:54 . 2002-08-29 09:44 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2002-08-29 09:44 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:59 . 2010-03-30 09:38 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-29 17:22 . 2011-01-29 17:22 24646 ----a-w- C:\03655c6d75fa56605a0d9a2422ca18f633e36a01.zip

2011-01-27 11:57 . 2010-03-30 09:38 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-18 17:58 . 2011-04-11 11:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-09 39408]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-22 4772720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\pitta\Menu D‚marrer\Programmes\D‚marrage\

CurseClientStartup.ccip [2011-2-1 0]

.

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files\Fichiers communs\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-2-14 172544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GammaTray.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\GammaTray.lnk

backup=c:\windows\pss\GammaTray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^pitta^Menu Démarrer^Programmes^Démarrage^CurseClientStartup.ccip]

path=c:\documents and settings\pitta\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip

backup=c:\windows\pss\CurseClientStartup.ccipStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

2010-05-04 15:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2011-04-22 19:18 4772720 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]

2010-10-15 05:25 1721640 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-06-02 20:44 1660952 ----a-w- c:\program files\Messenger\Msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-08-14 06:08 18702336 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-11-25 20:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\Messenger\\Msmsgs.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Call of DutyModern Warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Electronic Arts\\Need for Speed Hot Pursuit\\Launcher.exe"=

"c:\\Program Files\\Electronic Arts\\Need for Speed Hot Pursuit\\NFS11.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\Documents and Settings\\pitta\\Local Settings\\Apps\\2.0\\96P0O3PZ.BOZ\\4LNT281M.WD6\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/11/2010 22:24 691696]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/07/2010 10:35 108289]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/11/2010 08:10 20328]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [24/07/2010 15:53 10448]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25/03/2010 15:39 490280]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [19/12/2010 00:40 33792]

R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [01/02/2011 02:21 91216]

S2 AMService;AMService;c:\windows\TEMP\mtiy\setup.exe run --> c:\windows\TEMP\mtiy\setup.exe run [?]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/07/2010 10:18 136176]

S2 pvctzzze;PCANDIS5 NDIS Protocol Helper;c:\windows\System32\svchost.exe -k netsvcs [28/08/2001 14:00 14336]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/03/2006 13:11 37248]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/03/2010 12:06 1684736]

S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 10:40 217088]

S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [19/12/2010 00:41 27904]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

pvctzzze

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

IE: Free YouTube to Mp3 Converter - c:\documents and settings\pitta\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm

IE: Post Image to Blog - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5003

IE: Tag This Image - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5002

IE: Transload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5004

IE: Upload All Images to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5000

IE: Upload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5001

FF - ProfilePath - c:\documents and settings\pitta\Application Data\Mozilla\Firefox\Profiles\gvwd237t.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHELINS SUPPRIMES - - - -

.

BHO-{F0921779-632A-3B6E-68C5-AE3DBE8219CB} - c:\windows\system32\jqzevvyv.dll

HKU-Default-Run-Metropolis - c:\windows\system32\sshnas21.dll

MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-23 12:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-2000478354-1085031214-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:b8,ce,c2,17,ca,d9,70,1a,da,f2,c7,09,f9,48,07,c4,4e,a9,1b,90,ef,

95,42,e6,b1,13,58,98,d5,30,e2,35,af,85,05,ec,13,36,82,ab,14,02,78,77,2d,b9,\

"rkeysecu"=hex:ec,33,6a,53,d9,b1,5f,65,0e,15,6b,da,2a,91,c8,8f

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll

.

- - - - - - - > 'explorer.exe'(2268)

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\libusbd-nt.exe

c:\program files\MagicTune Premium\MagicTuneEngine.exe

c:\program files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.EXE

c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

c:\windows\System32\wbem\wmiapsrv.exe

c:\program files\MagicTune Premium\MagicTune.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2011-04-23 12:46:34 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-04-23 10:46

.

Avant-CF: 36 189 519 872 octets libres

Après-CF: 36 126 539 776 octets libres

.

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

.

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - A0BF933BBD5B7A415A76D03AC40DC5C5

lance_yien · le 23 avril 2011

ComboFix a bien trouvé et supprimé des choses.

Lavant-dernière étape:

Lancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très important, merci de vérifier).

:OTL

PRC - [2011/04/22 21:18:05 | 004,772,720 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe

SRV - File not found [Auto | Stopped] -- -- (pvctzzze)

O2 - BHO: () - {F0921779-632A-3B6E-68C5-AE3DBE8219CB} - File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [bitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

[2011/04/22 02:04:47 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18079540

[2011/04/11 15:13:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\obfn.sys

@Alternate Data Stream - 717 bytes -> C:\Documents and Settings\All Users\Bureau\Call of Duty: Modern Warfare 2.lnk

:Services

AMService

pvctzzze

:Reg

:Files

C:\Documents and Settings\All Users\Application Data\18079540

C:\Documents and Settings\pitta\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

C:\Program Files\BitTorrent

C:\WINDOWS\System32\drivers\obfn.sys

c:\windows\TEMP\mtiy\setup.exe

:Commands

[REBOOT]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. Copier son contenu et le coller dans une nouvelle réponse. Fermer le rapport et OTL.

>>> Mises à jour: Toute ancienne version d'un programme quel qu'il soit peut comporter des vulnérabilités susceptibles d'être exploitées pour infecter un PC:

Java: Utiliser, IMPÉRATIVEMENT, Internet Explorer pour téléchargez (sur le Bureau) la dernière version qui correspond à votre Système d'exploitation (pour toi c'est 32bits): Téléchargements Java pour tous les systèmes d'exploitation.

Avant l'installation il est important de commencer par supprimer TOUTES les anciennes versions dans votre machine parce qu'elles peuvent contenir des vulnérabilités de sécurité:
Cliquer sur "Démarrer" => "Panneau de Configuration" => "Ajout/ Suppr des Programmes".
Chercher, dans la liste les lignes concernant Java (J2SE Runtime Environment.... ) et repérables avec cette icône .
Sélectionner une ligne à la fois et cliquer sur Modifier/ Supprimer.
Quand il n'y en a plus fermez tout et installez la nouvelle version en cliquant sur le fichier que vous avez téléchargé.
Ta version de Adobe Acrobat Reader n'est pas à jour. La désinstaller, télécharger et installer la dernière version ici (Décocher la case Inclure dans votre téléchargement).

Rapports demandés:

OTL.txt

scarves · le 23 avril 2011

hum alors quand je fais la demarche OTL ça reboot tout ça mais ya pas de rapport :chpas: sinon j'ai mis à jour le reste

lance_yien · le 23 avril 2011

hum alors quand je fais la demarche OTL ça reboot tout ça mais ya pas de rapport sinon j'ai mis à jour le reste

Pas grave, tu as bien bossé, va!

>>> Supprimer les utilitaires:

- Pour supprimer ComboFix, cliquer sur Démarrer => Exécuter et saisir (ou copier/ coller) ComboFix /Uninstall (espace entre "ComboFix" et "/Uninstall"). Cliquer sur OK.

Ce qui a pour effet de supprimer ComboFix ainsi que les dossiers/ fichiers qu'il a installé et ré-initialiser les points de restauration.

- Lancer OTL et cliquer sur Purge outils. Laisser faire et redémarrer le PC.

- Pour supprimer les autres utilitaires et leur rapports, cliquer-droit dessus => "Supprimer".

>>> Ré-initialiser les Points de Restauration parce qu'elles peuvent contenir des traces d'infection:

Cliquer-droit sur "Poste de travail" => "Propriétés" => "Restauration Système". Cocher la case "désactiver..." et cliquer sur "appliquer".

Quand c'est prêt, décocher cette même case => "OK" et redémarrer le PC.

Un nouveau point de restauration sera créé.

>>> StartUpLite Il y a toujours des programmes qui se lancent INUTILEMENT en même temps que Windows.

Télécharger, sur le Bureau, MBAM' StartUpLite depuis ici.

Fermer toutes les applications en cours et autres fenêtres ouvertes et cliquer-droit sur StartUpLite.exe => "Exécuter en tant qu'administrateur" pour lancer le programme.

Il affichera toutes les entrées inutiles en démarrage automatique

Sélectionner TOUTES les entrées affichées et cliquer sur Continue.

S'il affiche "No unnecessary startups found!", c'est qu'il n'y a rien à faire.

>>> Protéger/ Sécuriser:

Vérifier le Pare-feu: Un pare-feu est le 1er rempart contre les intrusions.
- Ceux de Vista/ Windows 7 peuvent suffire, juste contrôler et activer si nécessaire depuis le "Centre de sécurité".
- Celui inclus dans Windows XP ne contrôle pas le flux sortant d'Internet d'où l'importance d'en installer un autre.
Vérifier et choisir, si nécessaire, un parmi ceux-ci (gratuits): Online Armor Firewall, Sunbelt Personal Firewall, Outpost Firewall FREE.
Contrôler et configurer les mises à jour Windows:
- Cliquer ICI et installer toutes les Mises à jour critiques après avoir accepté l'installation de l'activex (si proposé).
- OU, cliquer sur "Démarrer" => "Tous les programmes" => "Windows update".
- ET, optez (si ce n'est pas encore fait) pour une MAJ Automatique à une heure où vous êtes sûr que votre PC n'est pas éteint.
Installer PSI de Secunia pour des MAJ logiciels
Installer Mes drivers pour des MAJ pilotes (cliquer sur Lancer la détection
Utiliser PC Pitstop pour Optimiser votre PC (en anglais)
Sauvegarder le Registre avec Erunt
Pour des raisons évidentes, garder les copies de sauvegarde sur un support autre que le disque système.
Immunisez votre machine avec Spyware Blaster, compatible avec Toutes les versions de Windows 32bit et 64bit. Tuto.
Vaccinez votre machine et vos médias amovibles (clés USB...) avec MKV contre les "vers" (Autorun worms). Juste brancher tous les médias amovibles, lancer le programme et cliquer sur le bouton Vaccination (l'action est réversible en cliquant sur "Supprimer la vaccination".
Opter pour Firefox ou Opera pour la navigation de tous les jours et réserver Internet Explorer pour les Mises à jour et les cas bien spécifiques.
Nettoyer et dé-fragmenter, régulièrement, les Partitions/ Disques.

>>> Ajouter Résolu: Merci d'éditer ton 1er post pour ajouter [Résolu] à la fin du titre après avoir cliqué sur le bouton "Modifier".

Bonne chance!

scarves · le 23 avril 2011

plop

bon j'ai fait presque toutes les grandes etapes indiquées en rouge si j'ai un nouveau soucis je devrais creer un new post ? je mets resolu en attendant comme indiqué

Sinon en tout cas je te remercie pour ton aide et ta disponibilité :super: j'aurais trop galéré sinon ^^

lance_yien · le 23 avril 2011

... si j'ai un nouveau soucis je devrais creer un new post ?

Si un nouveau souci, oui. Si des questions concernant les étapes qu'on a vues, pose-les ici

Au plaisir :hello2:

Connexion

Pas encore inscrit ?

[Résolu] Virus Gomeo

Messages recommandés

scarves

lance_yien

scarves

lance_yien

scarves

lance_yien

scarves

lance_yien

scarves

lance_yien

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer