Sujet Précédent Sujet Suivant

Virus hadopi impossible à eradiquer

Résolu/Fermé
etilae Messages postés 11 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 17 mai 2013 - 8 avril 2013 à 17:37
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 9 avril 2013 à 12:33
Bonjour,

j'ai un virus hadopi qui bloque tout. J'ai réouvert mon ordi en mode sans echec, telecharger Roquekiller. Supprimé les fichiers. Mais la page Hdopi persiste. J'ai fait un scan ca donne ca comme rapport :

Qui peut m'aider Merci d'avance

OTL logfile created on: 08/04/2013 16:23:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 89,09% Memory free
4,84 Gb Paging File | 4,73 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288,47 Gb Total Space | 118,16 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Drive E: | 9,61 Gb Total Space | 5,72 Gb Free Space | 59,53% Space Free | Partition Type: FAT32

Computer Name: MIMIE | User Name: Administrateur | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/08 16:16:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/12/18 16:28:24 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/05 12:57:04 | 002,569,168 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/03/13 21:49:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/21 17:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/11/28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/06/07 01:05:51 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/06/07 01:05:48 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/12/11 20:19:44 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Stopped] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\viamraid.sys -- (viamraid)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2011/11/28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 19:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 19:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/22 12:01:15 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\8c14b725.sys -- (8c14b725)
DRV - [2009/08/19 08:51:00 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bd696c69.sys -- (bd696c69)
DRV - [2008/05/19 05:46:04 | 000,108,032 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/14 08:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/02/14 05:36:34 | 000,222,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007/04/03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic)
DRV - [2007/04/03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 12:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5)
DRV - [2007/04/03 12:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt)
DRV - [2007/04/03 12:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 12:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus)
DRV - [2006/11/10 10:47:18 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Bunic.sys -- (se2Bunic)
DRV - [2006/11/10 10:47:10 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bobex.sys -- (SE2Bobex)
DRV - [2006/11/10 10:47:08 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Bnd5.sys -- (se2Bnd5)
DRV - [2006/11/10 10:47:06 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys -- (SE2Bmgmt)
DRV - [2006/11/10 10:47:00 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys -- (SE2Bmdm)
DRV - [2006/11/10 10:46:58 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys -- (SE2Bmdfl)
DRV - [2006/11/10 10:46:52 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bbus.sys -- (SE2Bbus)
DRV - [2006/07/20 10:43:16 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\HardwareDetection\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2006/03/01 18:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/29 14:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2003/09/23 10:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2002/05/06 12:01:08 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/01/31 17:39:02 | 000,026,752 | R--- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2001/11/05 11:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001/05/28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/05/28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/05/28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS -- (MarxDev1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://fr.news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0AD736FB-9A25-4AD3-A0DB-FEDBCF89C5FF}: "URL" = http://fr.search.yahoo.com/search/dir?ei=UTF-8&fr=yie7c&p={searchTerms}
IE - HKLM\..\SearchScopes\{511B5584-24F3-4787-A72A-807B11665E26}: "URL" = http://fr.search.yahoo.com/search/news?ei=UTF-8&fr=yie7c&p={searchTerms}
IE - HKLM\..\SearchScopes\{53644363-F247-4CD2-8FBA-EA353DC59311}: "URL" = http://shopping.yahoo.fr/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}
IE - HKLM\..\SearchScopes\{81A9DE2F-3ABE-4749-BAC3-DF8D59478608}: "URL" = https://fr.search.yahoo.com/web?fr=yie7c{searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www1.search-results.com/web?l=dis&q=&o=APN10645&apn_dtid=%5EBND406%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAG6&d=406-362&lang=en&atb=sysid%3D406%3Aappid%3D362%3Auid%3D57cd5fe1cac77a1e%3Asrc%3Dieb%3Ao%3DAPN10645%3Atg%3D&p2=%5EAG6%5EBND406%5EYY%5EFR{searchTerms}
IE - HKLM\..\SearchScopes\{C43483BE-72D6-4A65-A326-9FCB1B7C6B88}: "URL" = https://fr.video.search.yahoo.com/video{searchTerms}
IE - HKLM\..\SearchScopes\{CC8D530F-B2BC-404B-A961-B54DB0A78D26}: "URL" = https://fr.images.search.yahoo.com/images{searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = https://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={4AF0AC27-500F-11E1-9226-002215C5B68A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=120307&tt=070413_ctrl&babsrc=HP_ss&mntrId=5016002215C5B68A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=5016002215C5B68A
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5016002215C5B68A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widestream6@spointer.com: C:\Program Files\Widestream6\spointer\extensions\widestream6@spointer.com [2012/02/05 17:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/05 18:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/05 18:43:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files\XingHaoLyrics\FF\ [2013/04/07 22:08:02 | 000,000,000 | ---D | M]

[2012/05/06 22:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/23 09:29:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/11 22:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/16 17:19:24 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2013/04/07 22:09:07 | 000,006,468 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/07/16 17:19:24 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/16 17:19:24 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/11/19 10:04:24 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/11/19 10:04:25 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2012/05/06 22:44:16 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010/07/16 17:19:24 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/07/16 17:19:24 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/05/29 19:00:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Etilae\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (ST_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files\XingHaoLyrics\lrcspal.dll (XingHao Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (ST_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} http://mm.tf1.fr/superdistribution/installer2.cab (InstallerObj Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297699608734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297696535578 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5942/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ABD9B43-5F97-4C46-9EA1-4870034349F2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E503829B-4D07-41E5-B973-27E804DF9339}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/14 18:23:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/08 16:16:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2013/04/08 08:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[2013/04/08 08:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2013/04/07 23:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\RK_Quarantine
[2013/04/07 23:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Temp
[2013/04/07 23:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Adobe
[2013/04/07 22:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2013/04/07 22:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google
[2013/04/07 22:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Google
[2013/04/07 22:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Optimizer Pro
[2013/04/07 22:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/07 22:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Optimizer Pro
[2013/04/07 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/04/07 22:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2013/04/07 22:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\BabSolution
[2013/04/07 22:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/04/07 22:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\BrowserProtect
[2013/04/07 22:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/04/07 22:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Bundled software uninstaller
[2013/04/07 22:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/07 22:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\7-Zip
[2013/04/07 22:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\XingHaoLyrics
[2013/04/07 22:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2013/04/07 22:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/04/07 22:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/04/07 22:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Babylon
[2013/04/07 22:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2013/04/07 22:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Adobe
[2013/04/07 22:04:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\PrivacIE
[2013/04/07 22:04:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\IETldCache
[2013/04/07 20:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\501B7F3ED059BE110000501B2F27C232
[2013/03/30 08:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
[2013/03/21 20:54:10 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/08 16:16:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2013/04/08 16:12:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/08 16:07:46 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/08 16:07:22 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2013/04/08 16:07:18 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 16:07:18 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\LyricsPal Update.job
[2013/04/08 09:12:27 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{21E3915B-394B-45E9-BE60-D97D8FC67A14}.job
[2013/04/08 08:54:13 | 000,143,176 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/07 23:13:23 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Continue 77Zip installation.lnk
[2013/04/07 23:08:58 | 000,511,562 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013/04/07 23:08:58 | 000,442,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/07 23:08:58 | 000,085,356 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013/04/07 23:08:58 | 000,071,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/07 22:10:18 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Optimizer Pro.lnk
[2013/04/07 22:06:46 | 000,162,160 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\7ZipSetup.exe
[2013/04/07 21:53:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/07 20:21:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/06 17:53:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/06 17:47:43 | 000,021,846 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/30 08:56:09 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2013/03/26 18:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/14 08:59:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/13 21:49:22 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 21:49:22 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/07 23:13:23 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Continue 77Zip installation.lnk
[2013/04/07 22:10:18 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Optimizer Pro.lnk
[2013/04/07 22:08:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\LyricsPal Update.job
[2013/04/07 22:06:41 | 000,162,160 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\7ZipSetup.exe
[2013/04/07 01:25:39 | 000,163,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/30 08:56:09 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2012/05/29 19:17:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/29 16:41:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/29 16:41:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/29 16:41:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/29 16:41:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/29 16:41:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/13 17:51:10 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/03/23 22:50:38 | 000,004,910 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qjaxlkio.dss
[2012/02/02 17:40:55 | 000,053,560 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/12 23:18:47 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/01/12 23:18:47 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/12 23:18:47 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/08/18 18:56:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 14:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

3 réponses

Réponse 1 / 3
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 627
8 avril 2013 à 17:47
Salut,

[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy)
[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
Poste le rapport ici.

!!! Je répète bien faire Suppression à droite et poster le rapport. !!!

0
Réponse 2 / 3
etilae Messages postés 11 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 17 mai 2013
8 avril 2013 à 23:02
Tout d'abord MERCI !
Voici donc le rapport RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur : Administrateur [Droits d'admin]
Mode : Suppression -- Date : 08/04/2013 23:01:47
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dec86aa1b7228aba20ee0ed45aebeef4
[BSP] 95530f7f0afb8aec6b599a822f9f29ea : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295390 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 604959705 | Size: 9852 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[9]_D_08042013_230147.txt >>
RKreport[1]_S_07042013_230619.txt ; RKreport[2]_D_07042013_230650.txt ; RKreport[3]_S_07042013_231723.txt ; RKreport[4]_D_07042013_231753.txt ; RKreport[5]_D_07042013_231819.txt ;
RKreport[6]_S_07042013_231843.txt ; RKreport[7]_S_08042013_084635.txt ; RKreport[8]_S_08042013_230108.txt ; RKreport[9]_D_08042013_230147.txt
0
etilae Messages postés 11 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 17 mai 2013
8 avril 2013 à 23:04
ci dessus le dernier rapport ci dessous le premier rapport que j'ai eu :
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur : Administrateur [Droits d'admin]
Mode : Recherche -- Date : 07/04/2013 23:06:19
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll [x] -> DECHARGÉE
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [x] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 7 ¤¤¤
[Services][HJNAME] HKLM\[...]\ControlSet003\Services\BITS (%fystemRoot%\System32\svchost.exe -k netsvcs) [x] -> TROUVÉ
[Services][HJNAME] HKLM\[...]\ControlSet003\Services\wuauserv (%fystemroot%\system32\svchost.exe -k netsvcs) [x] -> TROUVÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-18\$5f2f0de00c21ae572cc0e3afc16ef2ad\n) [-] -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-18\$5f2f0de00c21ae572cc0e3afc16ef2ad\n) [-] -> TROUVÉ
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll) [7] -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-18\$5f2f0de00c21ae572cc0e3afc16ef2ad\n [-] --> TROUVÉ
[ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-21-1757981266-573735546-725345543-1004\$5f2f0de00c21ae572cc0e3afc16ef2ad\n [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$5f2f0de00c21ae572cc0e3afc16ef2ad\@ [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1757981266-573735546-725345543-1004\$5f2f0de00c21ae572cc0e3afc16ef2ad\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$5f2f0de00c21ae572cc0e3afc16ef2ad\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1757981266-573735546-725345543-1004\$5f2f0de00c21ae572cc0e3afc16ef2ad\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$5f2f0de00c21ae572cc0e3afc16ef2ad\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1757981266-573735546-725345543-1004\$5f2f0de00c21ae572cc0e3afc16ef2ad\L --> TROUVÉ

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dec86aa1b7228aba20ee0ed45aebeef4
[BSP] 95530f7f0afb8aec6b599a822f9f29ea : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295390 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 604959705 | Size: 9852 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_07042013_230619.txt >>
RKreport[1]_S_07042013_230619.txt



Mais le PB persiste malgré le rapport à 0
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 627
8 avril 2013 à 23:14
Faire suppression sur RogueKiller.
0
etilae Messages postés 11 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 17 mai 2013
8 avril 2013 à 23:27
c fait ca , mais par acquis de conscience je recommence ....
0
etilae Messages postés 11 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 17 mai 2013
8 avril 2013 à 23:33
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur : Administrateur [Droits d'admin]
Mode : Suppression -- Date : 08/04/2013 23:32:37
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dec86aa1b7228aba20ee0ed45aebeef4
[BSP] 95530f7f0afb8aec6b599a822f9f29ea : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295390 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 604959705 | Size: 9852 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[16]_D_08042013_233237.txt >>
RKreport[10]_S_08042013_232856.txt ; RKreport[11]_D_08042013_232919.txt ; RKreport[12]_H_08042013_232923.txt ; RKreport[13]_PR_08042013_232926.txt ; RKreport[14]_DN_08042013_232928.txt ;
RKreport[15]_SC_08042013_233204.txt ; RKreport[16]_D_08042013_233237.txt ; RKreport[1]_S_07042013_230619.txt ; RKreport[2]_D_07042013_230650.txt ; RKreport[3]_S_07042013_231723.txt ;
RKreport[4]_D_07042013_231753.txt ; RKreport[5]_D_07042013_231819.txt ; RKreport[6]_S_07042013_231843.txt ; RKreport[7]_S_08042013_084635.txt ; RKreport[8]_S_08042013_230108.txt ;
RKreport[9]_D_08042013_230147.txt
0
etilae Messages postés 11 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 17 mai 2013
8 avril 2013 à 23:40
incroyable mais le virus est toujours là avec sa page hadopi pourrit!
0
Réponse 3 / 3
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 627
9 avril 2013 à 12:33
ok :)


Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.


Sécurise ton PC !

Important - ton infection est venue par un exploit sur site web :

Un exploit sur site WEB permet l'infection de ton ordinateur de manière automatiquement à la visite d'un site WEB qui a été hacké, il tire partie du fait que tu as des logiciels (Java, Adobe Reader etc) qui sont pas à jour et possèdent des vulnérabilités qui permettent l'execution de code (malicieux dans notre cas) à ton insu.
Le fait de ne pas avoir des logiciels à jour et qui ont potentiellement des vulnérabilités permettent donc d'infecter ton système.
Exemple avec : Exploit Java

Il faut donc impérativement maintenir tes logiciels à jour afin de ne pas voir ces portes d'entrée sur ton système.
Tant que ces logiciels ne seront pas à jour, ton PC est vulnérable et les infections peuvent s'installer facilement.

IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash :
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
https://forum.malekal.com/viewtopic.php?t=15960&start=

Désactive Java de tes navigateurs WEB : https://www.commentcamarche.net/faq/35621-desactiver-java-sur-ses-navigateurs-web


Passe le mot à tes amis !

~~

Filtrer les PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

~~

Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html


0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
µTorrent et Hadopi...
Utilisateur anonyme -
Nonl -

36 réponses
comment envoyer un virus ?
willva -
BeFaX -

1 réponse
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses