
Posted (edited)



My cousin's machine (Windows XP SP3) has been infected by the 'Police & Gendarmerie Nationale' trojan; at startup this window stays up permanently and blocks everything else.

I went to the Malekal forum and found tutorials, but none of them is enough. I think it is a new variant. I cannot get into Safe Mode, it reboots straight away.

However, I did manage, thanks to the OTLPE Live CD, to counter it and restore access to the system by modifying an entry in the registry.

I used the procedure described on this site, modifying the Shell key: Trojan Fake Police / Virus Gendarmerie Nationale : violation de la loi française | malekal's site

This way Windows XP starts with iexplore.exe instead of explorer.exe. Then I can press Ctrl+Alt+Del and regain control of the system.

I ran a clean-up with the latest version of MBAM, not enough: after restoring the key, it changes nothing.

I ran HijackThis, OTL and RogueKiller scans; here are the results:


RogueKiller V7.1.0 [15/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/46)
Blog: tigzy-RK

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: jpc [Droits d'admin]
Mode: Recherche -- Date: 26/02/2012 14:46:18

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤       localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] a90037b1ac83c9a12f5c2a15f6341336
[BSP] e941599663db3ad65f77199feae7bf94 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] 44fb843f8b40b3599cd4acba4bc94ee3
[BSP] 5e688568501bfa863563159b61a17483 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2048 | Size: 7649 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:12, on 26/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portail SFR: Actualités, Sport, Info, TV, Jeux et musique
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger, Actualité, Sport, People, Femmes - MSN France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=iexplore.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE /FU "C:\WINDOWS\TEMP\E_S125.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

End of file - 8057 bytes


OTL logfile created on: 2/26/2012 4:18:00 PM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 34.50 Gb Free Space | 45.20% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2012/02/06 13:07:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/02/06 13:07:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/03/23 03:25:40 | 000,311,744 | ---- | M] (CybelSoft) [On_Demand] -- C:\Program Files\\maconfservice.exe -- (maconfservice)
SRV - [2010/12/08 05:26:01 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/05 13:26:21 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 09:24:33 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/14 10:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2005/06/23 09:27:31 | 000,054,784 | ---- | M] (Macrovision) [Auto] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/03/08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (NTACCESS)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand] --  -- (ctdvda2k)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | Boot] --  -- (aslkgck)
DRV - [2012/02/06 13:07:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/08/30 04:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand] -- C:\Program Files\\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/12/08 14:58:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/09 09:24:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 06:40:17 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/13 16:38:19 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/02/13 05:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/24 12:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 12:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 04:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/10 08:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/05/23 08:05:36 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2005/06/23 09:27:29 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2004/11/07 10:58:47 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/12/30 22:58:46 | 000,069,504 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/14 20:53:20 | 000,186,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2003/09/18 20:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/08/28 03:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2003/08/28 03:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003/08/28 03:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2003/08/28 03:24:06 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/28 03:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/08/28 03:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2001/08/17 15:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jpc_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = MSN, Messenger, Actualité, Sport, People, Femmes - MSN France
IE - HKU\jpc_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\jpc_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Recherche Google
IE - HKU\jpc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Portail SFR: Actualités, Sport, Info, TV, Jeux et musique
IE - HKU\jpc_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\jpc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\ C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\,version=1.1.10:  File not found
FF - HKLM\Software\MozillaPlugins\ C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 10:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 06:38:33 | 000,000,000 | ---D | M]

[2011/11/10 06:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 10:02:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 14:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/09/26 06:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/08 05:53:35 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/10/08 05:53:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/08 05:53:35 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/10/08 05:53:35 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/02/23 12:12:44 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2011/10/08 05:53:35 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/10/08 05:53:35 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/08/28 11:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\jpc_ON_C\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jpc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (iexplore.exe) -  File not found
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvUNeed) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/04 08:37:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 09:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpc\Menu Démarrer\Programmes\HiJackThis
[2012/02/26 09:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis_2.0.4
[2012/02/26 09:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
[2012/02/26 09:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/26 08:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpc\Mes documents\_20120225_Intervention_
[2012/02/26 08:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpc\Bureau\RK_Quarantine
[2012/02/26 08:43:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/02/26 08:23:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/02/26 08:23:32 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012/02/25 11:52:26 | 001,037,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2012/02/13 14:11:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/02/13 14:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/02/13 14:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/02/13 14:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/02/13 14:10:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/02/13 14:10:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/02/13 14:10:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/02/13 14:10:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/02/13 14:10:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/02/13 14:10:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/02/13 14:10:46 | 000,000,000 | ---D | C] -- C:\68c0086ac2c577a923
[2012/02/12 11:44:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/02/12 11:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2004/09/04 09:41:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 09:47:28 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2012/02/26 09:47:28 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2012/02/26 09:47:28 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2012/02/26 09:47:28 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2012/02/26 09:47:28 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/02/26 09:47:28 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/02/26 09:47:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2012/02/26 09:47:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2012/02/26 09:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/26 09:42:13 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 09:38:36 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\jpc\Bureau\HiJackThis.lnk
[2012/02/26 09:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
[2012/02/26 09:18:59 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/02/26 09:18:57 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/26 08:51:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/02/26 08:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/02/26 03:01:51 | 003,375,239 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-100A1102}.CDF
[2012/02/26 03:01:51 | 003,375,239 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-100A1102}.BAK
[2012/02/25 11:52:26 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2012/02/25 11:38:33 | 000,397,406 | ---- | M] () -- C:\WINDOWS\explorer.exe.tar.bz2
[2012/02/24 16:38:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/23 14:57:56 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012/02/23 10:32:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/17 04:06:42 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 15:00:10 | 000,497,138 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/02/16 15:00:10 | 000,429,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 15:00:10 | 000,078,876 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/02/16 15:00:10 | 000,066,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 14:50:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 13:46:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2012/02/14 12:00:06 | 000,216,768 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - Points à relier de Star Wars.mdi
[2012/02/14 11:52:50 | 000,196,432 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - points à relier de Gardfield.mdi
[2012/02/14 11:36:39 | 000,138,732 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - Points à relier de cerf volant0001.mdi
[2012/02/14 11:36:04 | 000,138,802 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - Points à relier de cerf volant.mdi
[2012/02/13 13:55:17 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\jpc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/12 08:15:14 | 000,082,618 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0012.mdi
[2012/02/12 04:44:36 | 000,012,326 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0011.mdi
[2012/02/11 11:29:19 | 000,074,524 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\Le bonnet tricoté en laine - Magic-Maison.mdi
[2012/02/08 13:48:49 | 000,082,360 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0010.mdi
[2012/02/08 13:48:41 | 000,082,698 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0009.mdi
[2012/02/08 13:41:16 | 000,082,334 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0008.mdi
[2012/02/08 13:40:28 | 000,082,334 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0007.mdi
[2012/02/08 13:40:13 | 000,082,660 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0006.mdi
[2012/02/06 13:58:52 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\LogMeIn.lnk
[2012/02/06 13:07:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/02/06 13:07:49 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/02/06 13:07:49 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/02/01 06:08:24 | 000,578,046 | ---- | M] () -- C:\Documents and Settings\jpc\Mes documents\Recette de quiche aux poireaux.mdi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 09:36:53 | 000,002,014 | ---- | C] () -- C:\Documents and Settings\jpc\Bureau\HiJackThis.lnk
[2012/02/26 08:51:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/02/25 11:38:26 | 000,397,406 | ---- | C] () -- C:\WINDOWS\explorer.exe.tar.bz2
[2012/02/16 05:10:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 05:10:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 12:00:06 | 000,216,768 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - Points à relier de Star Wars.mdi
[2012/02/14 11:52:48 | 000,196,432 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - points à relier de Gardfield.mdi
[2012/02/14 11:36:39 | 000,138,732 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - Points à relier de cerf volant0001.mdi
[2012/02/14 11:36:03 | 000,138,802 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\Point à point - Points à relier de cerf volant.mdi
[2012/02/12 08:15:13 | 000,082,618 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0012.mdi
[2012/02/12 04:44:35 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0011.mdi
[2012/02/11 11:29:17 | 000,074,524 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\Le bonnet tricoté en laine - Magic-Maison.mdi
[2012/02/08 13:48:49 | 000,082,360 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0010.mdi
[2012/02/08 13:48:38 | 000,082,698 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0009.mdi
[2012/02/08 13:41:27 | 000,082,334 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0008.mdi
[2012/02/08 13:40:26 | 000,082,334 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0007.mdi
[2012/02/08 13:40:12 | 000,082,660 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\SFR Mail - Impression d'un message0006.mdi
[2012/02/01 06:08:17 | 000,578,046 | ---- | C] () -- C:\Documents and Settings\jpc\Mes documents\Recette de quiche aux poireaux.mdi
[2011/09/16 15:43:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/04/02 08:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/17 11:11:18 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\jpc\
[2009/02/13 16:01:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/11 14:04:53 | 001,298,592 | -HS- | C] () -- C:\WINDOWS\System32\mkksqvsy.ini
[2009/01/10 07:18:03 | 001,298,592 | -HS- | C] () -- C:\WINDOWS\System32\nmvcvreu.ini
[2009/01/08 11:09:26 | 001,298,588 | -HS- | C] () -- C:\WINDOWS\System32\yiwdxcjy.ini
[2008/11/26 11:08:25 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\netwbix32.dll
[2008/10/27 12:17:31 | 001,051,828 | -HS- | C] () -- C:\WINDOWS\System32\nicxfjkh.ini
[2007/05/09 09:08:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/06/10 12:52:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/06/10 12:49:51 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006/04/22 07:51:07 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\jpc\intlname.ols
[2005/11/30 11:08:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/30 10:19:58 | 000,000,027 | ---- | C] () -- C:\WINDOWS\mscpt.dat
[2005/03/11 11:02:57 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005/03/11 11:02:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2005/02/19 12:56:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/11/07 10:46:35 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2004/11/07 10:46:35 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2004/11/06 11:19:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\TZSOFT.INI
[2004/10/10 05:08:59 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2004/09/19 04:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini
[2004/09/18 03:35:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\srkey.exe
[2004/09/18 03:27:36 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/09/17 10:17:48 | 000,000,162 | ---- | C] () -- C:\WINDOWS\MYSTM.INI
[2004/09/17 10:07:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2004/09/09 13:04:51 | 000,000,027 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/09/04 11:32:31 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\jpc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/04 11:02:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/09/04 11:02:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/04 10:21:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/04 10:19:57 | 000,244,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/04 10:17:19 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2004/09/04 10:17:19 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2004/09/04 09:54:44 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/04 09:42:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/09/04 09:42:19 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/09/04 09:42:18 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/09/04 09:41:27 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/09/04 09:41:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/09/04 09:41:20 | 000,251,970 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/09/04 09:41:20 | 000,189,704 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/09/04 09:41:20 | 000,142,968 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2004/09/04 09:41:20 | 000,115,322 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2004/09/04 09:41:20 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/09/04 09:41:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/09/04 09:41:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/09/04 09:41:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/09/04 09:41:17 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/09/04 09:41:17 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/09/04 08:40:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/04 08:33:50 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/03 20:08:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/01 03:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/03/30 07:02:45 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/28 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/28 11:00:00 | 000,497,138 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2001/08/28 11:00:00 | 000,429,110 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/28 11:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2001/08/28 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/28 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/28 11:00:00 | 000,078,876 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2001/08/28 11:00:00 | 000,066,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/28 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/28 11:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2001/08/28 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/28 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/01/22 15:02:21 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== LOP Check ==========

[2005/08/22 08:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\Anuman Interactive
[2011/09/23 05:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\Epson
[2009/03/23 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\FileZilla
[2009/01/28 10:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\
[2009/01/29 07:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\
[2011/04/02 07:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\GlarySoft
[2005/08/22 08:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\InterTrust
[2011/08/07 08:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\Zoner
[2009/08/01 14:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpc\Application Data\Zylom
[2005/07/10 04:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2011/09/16 10:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/02/26 03:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/02 08:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\
[2009/02/13 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/16 10:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/08/01 14:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012/02/24 16:38:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2005/03/16 10:59:42 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1099843140.job
[2012/02/26 09:18:59 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

< End of report >


Do you have any leads?


Thanks to anyone who can help me.


Edited by Daimonji




If you've already explored the leads at malekal, there aren't that many solutions left. This nasty thing keeps evolving. :evil:


Nevertheless, two possibilities: in the first, you enter the phone number (from the screenshot) in the field on the Kaspersky page, then click the Get the code button, and one or two disinfection suggestions will be offered: Remove banner from Desktop, unlock Windows. This should suggest TDSSKiller and Kaspersky Virus Removal Tool or Rescue Disk.


Another solution: The Kaspersky WindowsUnlocker utility to fight ransom malware


It's a piece of crap that's very hard to get rid of. It comes from applications that are never updated; which shows that updates are extremely important (system, Java, Flash Player, etc.).


Good luck ;)




That surprises me, because the system is actually fairly up to date: Windows XP updates installed automatically, regular scans with MBAM, ...


I'll look at the other leads you suggest.







Glad for you, but be very careful with movie download or streaming sites, which are often booby-trapped...




Hello Daimonji,


If you consider the question settled, don't forget to flag it by tagging the title of your topic with the word [Résolu]. To do so, I suggest you consult this tutorial by Thorgal


@+ ;)

