Sujet Précédent Sujet Suivant

Virus "bundespolizei" bloque mon PC

Résolu/Fermé
yoann - 11 déc. 2011 à 01:10
 maliikou06 - 21 déc. 2011 à 16:38
Bonjour,



comme dans le topic http://www.commentcamarche.net/forum/affich-23853958-besoin-d-aide-pour-virus-bundespolizei# , je suis touché par le virus qui affiche Bundespolizei en lieu et place du bureau, interdisant toute action, pas même un ctrl-alt-sup . idem en mode sans échec, j'ai donc booté à partir du liveCD indiqué et lancé OTPLE selon les instructions, ce qui me donne le rapport posté ci-dessous ; j'attends vos instructions à partir de là (merci d'avance) :


OTL logfile created on: 12/11/2011 1:00:20 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 78.00% Memory free
859.00 Mb Paging File | 775.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.46 Gb Free Space | 56.67% Space Free | Partition Type: NTFS
Drive H: | 246.71 Mb Total Space | 233.96 Mb Free Space | 94.83% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [Auto] -- -- (ATI Smart)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/05/25 07:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/24 08:00:14 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/25 03:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 14:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 14:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/02/05 16:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 16:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 16:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 16:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (ATICDSDr)
DRV - [2011/04/27 07:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/02/17 23:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV - [2011/02/17 23:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/02/17 23:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010/06/24 08:00:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/02/05 16:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 16:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 16:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 16:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 16:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 16:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 04:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2006/06/18 17:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 17:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/18 11:50:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Yoann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Yoann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 12:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/02 07:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/02 07:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 12:47:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/05 04:25:07 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/10/05 04:25:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/05 04:25:07 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/10/05 04:25:07 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/10/05 04:25:07 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/10/05 04:25:07 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/08/05 06:07:40 | 000,000,880 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\Yoann_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Yoann_ON_C..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Yoann_ON_C..\Run: [EPSON Stylus SX200 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Yoann_ON_C..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\Yoann_ON_C..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Yoann_ON_C..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Yoann_ON_C..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\Yoann\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
O4 - Startup: C:\Documents and Settings\Yoann\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Yoann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Yoann\Application Data\mahmud.exe) - C:\Documents and Settings\Yoann\Application Data\mahmud.exe (Packard Bell BV)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Yoann\Application Data\ygmdrm.exe) - C:\Documents and Settings\Yoann\Application Data\ygmdrm.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 07:27:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/05 17:18:48 | 000,000,490 | ---- | M] () - H:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2011/12/10 17:13:58 | 000,196,608 | ---- | C] (Packard Bell BV) -- C:\Documents and Settings\Yoann\Application Data\mahmud.exe
[2011/12/10 14:52:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Yoann\Recent
[2011/12/04 16:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoann\Bureau\machine à coudre
[2011/12/04 14:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\NetDrive
[2011/12/04 14:35:26 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn040c.exe
[2011/12/04 10:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoann\Bureau\noêl
[2011/12/02 07:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2011/12/02 07:47:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/02 07:47:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/02 07:47:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/27 18:09:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/25 10:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoann\Bureau\problèmes fiche paie elise
[2011/11/19 13:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoann\Bureau\Photos mag
[2011/11/19 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/11/19 09:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/19 09:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Application
[2011/11/19 09:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Micro Application
[2011/11/11 12:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoann\Bureau\Antoine
[2010/02/15 05:37:47 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Yoann\Application Data\DAO350.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2011/12/10 18:31:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 17:13:58 | 000,196,608 | ---- | M] (Packard Bell BV) -- C:\Documents and Settings\Yoann\Application Data\mahmud.exe
[2011/12/10 14:12:39 | 000,009,435 | ---- | M] () -- C:\Documents and Settings\Yoann\.recently-used.xbel
[2011/12/10 08:06:40 | 000,003,456 | ---- | M] () -- C:\Documents and Settings\Yoann\Mes documents\cc_20111210_140637.reg
[2011/12/09 20:10:55 | 011,167,190 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-484763869-682003330-1004-0.dat
[2011/12/09 20:10:52 | 000,318,582 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/09 14:28:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/07 11:12:11 | 000,016,981 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\CP - exemple.ods
[2011/12/07 08:26:46 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 09:39:21 | 000,017,369 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\cotis retraite.ods
[2011/12/03 15:07:02 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Yoann\Mes documents\cc_20111203_210649.reg
[2011/11/30 17:43:11 | 000,115,559 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\attachment.ashx-1.pdf
[2011/11/28 08:14:00 | 000,021,649 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\témoignage.odt
[2011/11/27 17:35:18 | 000,023,003 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\paie pour calc copie.ods
[2011/11/19 09:53:01 | 000,069,380 | ---- | M] () -- C:\Documents and Settings\Yoann\Mes documents\cc_20111119_155255.reg
[2011/11/19 09:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/11/19 09:02:29 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\Yoann\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk
[2011/11/19 08:16:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/17 19:52:41 | 000,009,190 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\encourskevin.ods
[2011/11/17 08:24:07 | 000,026,767 | ---- | M] () -- C:\Documents and Settings\Yoann\Bureau\q° dp novembre.odt
[2011/11/11 17:28:38 | 000,018,048 | ---- | M] () -- C:\Documents and Settings\Yoann\Mes documents\Vinyles à Tours.ods
[2011/11/11 13:07:05 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Yoann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========/color

[2011/12/10 14:12:39 | 000,009,435 | ---- | C] () -- C:\Documents and Settings\Yoann\.recently-used.xbel
[2011/12/10 08:06:39 | 000,003,456 | ---- | C] () -- C:\Documents and Settings\Yoann\Mes documents\cc_20111210_140637.reg
[2011/12/09 14:28:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/07 10:03:32 | 000,016,981 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\CP - exemple.ods
[2011/12/03 15:07:01 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Yoann\Mes documents\cc_20111203_210649.reg
[2011/12/01 10:26:31 | 000,017,369 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\cotis retraite.ods
[2011/11/30 17:43:11 | 000,115,559 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\attachment.ashx-1.pdf
[2011/11/28 08:14:00 | 000,021,649 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\témoignage.odt
[2011/11/25 10:05:14 | 000,023,003 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\paie pour calc copie.ods
[2011/11/19 09:52:58 | 000,069,380 | ---- | C] () -- C:\Documents and Settings\Yoann\Mes documents\cc_20111119_155255.reg
[2011/11/19 09:02:29 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\Yoann\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk
[2011/11/17 19:52:40 | 000,009,190 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\encourskevin.ods
[2011/11/17 08:24:06 | 000,026,767 | ---- | C] () -- C:\Documents and Settings\Yoann\Bureau\q° dp novembre.odt
[2011/11/11 17:28:38 | 000,018,048 | ---- | C] () -- C:\Documents and Settings\Yoann\Mes documents\Vinyles à Tours.ods
[2011/06/03 05:47:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/27 07:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 07:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 07:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 07:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 07:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/03/14 06:27:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Yoann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/24 18:11:00 | 011,167,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-484763869-682003330-1004-0.dat
[2011/01/24 18:11:00 | 000,318,582 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/24 16:33:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/24 16:33:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/24 16:33:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Yoann\Application Data\$_hpcst$.hpc
[2010/12/12 07:47:46 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/12 07:47:46 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/12 07:47:46 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/12 07:47:46 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/12 07:47:46 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/12 07:47:46 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/12 07:47:46 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/12 07:47:46 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/12 07:47:46 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/12 07:47:46 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/12/12 07:47:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/12 07:47:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/12 07:47:46 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/12 07:47:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/12 07:47:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/12 07:47:46 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/12/12 07:47:46 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/12/12 07:47:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/12 07:47:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/12 07:46:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2010/12/08 18:56:51 | 000,267,264 | RHS- | C] () -- C:\Documents and Settings\Yoann\Application Data\ygmdrm.exe
[2009/11/10 20:49:56 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/10 07:29:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 07:24:37 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/10 07:10:28 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/10 07:09:13 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,472,074 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/04/14 07:00:00 | 000,407,916 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,066,360 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/04/14 07:00:00 | 000,055,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/07 08:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[color=#E56717]========== LOP Check ==========/color

[2011/12/10 14:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yoann\Application Data\gtk-2.0
[2010/12/03 12:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yoann\Application Data\OpenOffice.org
[2011/07/23 06:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yoann\Application Data\redsn0w
[2011/06/14 16:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yoann\Application Data\Samsung
[2011/01/27 12:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yoann\Application Data\Sports Interactive
[2010/12/12 07:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/11/19 09:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Application
[2011/06/14 16:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/01/27 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/12/12 07:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/07/21 01:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[color=#E56717]========== Purity Check ==========/color



[color=#E56717]========== Custom Scans ==========/color


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color


[color=#A23BEC]< MD5 for: AEC.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\dllcache\aec.sys
[2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys

[color=#A23BEC]< MD5 for: AGP440.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/14 07:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: DISK.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >/color
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
[2008/04/14 07:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe

[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >/color
[2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\dllcache\mountmgr.sys
[2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys

[color=#A23BEC]< MD5 for: MRXSMB.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2008/04/14 07:00:00 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/04/29 11:47:42 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=8DD801E28EB76FDA2A38907882A0036F -- C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
[2011/07/15 08:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
[2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >/color
[2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >/color
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: RASACD.SYS >/color
[2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >/color
[2008/04/14 07:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: TERMDD.SYS >/color
[2008/04/14 07:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
[2008/04/13 13:34:54 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys

[color=#A23BEC]< MD5 for: WIN32K.SYS >/color
[2008/04/14 07:00:00 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2011/06/06 06:36:19 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=31C9FCD53634B437F36B0417DA48066A -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2011/03/03 08:53:37 | 001,858,048 | ---- | M] (Microsoft Corporation) MD5=3BEDF6024160399E2AF010BB2E7F4F59 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2009/08/14 10:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2011/09/06 09:08:29 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=501628FE99EE77D59BFD29B6DC6803DA -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2011/06/06 06:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=667C2CED1208788BD0FE1F6E8CFE1CD0 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2009/08/14 10:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2009/04/19 14:42:34 | 001,847,936 | ---- | M] (Microsoft Corporation) MD5=A4CB910DA61C2AB50D1D4E15CDA48D32 -- C:\WINDOWS\SoftwareDistribution\Download\95a87184f2268536b785815192ba79e5\sp3qfe\win32k.sys
[2009/04/19 14:50:30 | 001,847,296 | ---- | M] (Microsoft Corporation) MD5=E2D4E6609DCF4175FCC8BCA489F28D9C -- C:\WINDOWS\SoftwareDistribution\Download\95a87184f2268536b785815192ba79e5\sp3gdr\win32k.sys
[2011/03/03 08:52:12 | 001,867,008 | ---- | M] (Microsoft Corporation) MD5=E832E04ADDD745DC462ED800E8416B9C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2011/09/06 09:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=FD0E6DD2893EB98845EA3C84A774A926 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011/09/06 09:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=FD0E6DD2893EB98845EA3C84A774A926 -- C:\WINDOWS\system32\win32k.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >/color
[2009/11/11 12:19:05 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=8D71F28DEB37CC9C2E344095D8BFE1EE -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color
[2011/03/03 01:55:26 | 000,149,504 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 07:00:00 | 000,281,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 07:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\ntdsapi.dll
[2011/09/05 08:56:25 | 001,510,912 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\shdocvw.dll
[2011/01/21 09:44:12 | 008,518,656 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

[color=#A23BEC]< %systemroot%\System32\config\*.sav >/color
[2009/11/10 07:08:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/11/10 07:08:22 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/11/10 07:08:21 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

[color=#A23BEC]< CREATERESTOREPOINT >/color

[color=#E56717]========== Alternate Data Streams ==========/color

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Yoann\Bureau\paie pour calc copie.ods:SummaryInformation
< End of report >
A voir également:

4 réponses

Réponse 1 / 4
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
11 déc. 2011 à 01:22
Bonsoir,

1. Relance OTL

● Dans la partie "Personnalisation", copie/colle : 

:OTL
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Yoann\Application Data\mahmud.exe) - C:\Documents and Settings\Yoann\Application Data\mahmud.exe (Packard Bell BV) 
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Yoann\Application Data\ygmdrm.exe) - C:\Documents and Settings\Yoann\Application Data\ygmdrm.exe () 
[2011/12/10 17:13:58 | 000,196,608 | ---- | C] (Packard Bell BV) -- C:\Documents and Settings\Yoann\Application Data\mahmud.exe 
[2010/12/08 18:56:51 | 000,267,264 | RHS- | C] () -- C:\Documents and Settings\Yoann\Application Data\ygmdrm.exe

● Clique sur le bouton Correction.
● Patiente pendant le travail de l'outil.

2. Redémarre normalement.

3. Fait un scan complet avec Malwarebytes
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

A +
3
Réponse 2 / 4
DockerJeckyll Messages postés 4 Date d'inscription dimanche 11 décembre 2011 Statut Membre Dernière intervention 14 juillet 2012
11 déc. 2011 à 02:46
re

(c'est yoann, je me suis crée un compte, et désolé de ne pas pouvoir mettre ce topic en résolu).

Le trojan et en quarantaine et le PC se porte comme un charme.

Merci beaucoup, vraiment.

Bonne nuit !
0
maliikou06
21 déc. 2011 à 16:38
salut moi aussi jei etait touche par ce virus ce qe j'ai fait je l'ai redemarer j'ai fait le plus vite possible pour tou suppr et redemarer sans echec fait u autre session et voila
0
Réponse 3 / 4
kalimusic Messages postés 14014 Date d'inscription samedi 7 novembre 2009 Statut Contributeur sécurité Dernière intervention 20 novembre 2015 3 027
11 déc. 2011 à 09:34
Bonjour,

Désactive puis réactive la restauration système

== == == == == == == == == == == == == == == == == == == == == ==

les choses simples qui font la différence

Maintenir Windows à jour

Maintenir les logiciels à jour

Ne pas surfer en droits administrateurs

Ne pas installer n'importe quel logiciel sur son PC (surtout via des liens publicitaires), toujours se renseigner avant. Les télécharger dans la mesure du possible sur le site de l'éditeur. Éviter d'installer les diverses barres d'outils ou de recherches, etc....proposées lors de l'installation.

Bannir les sites à risques (pornographiques, etc...) et les comportements à risques (P2P, cracks, warez....)

Ne pas cliquer aveuglement sur des liens contenus dans les e-mails, les messageries instantanées, les réseaux sociaux, etc ...même si l'expéditeur est connu et à plus forte raison s'il est inconnu ou suspect.

Utiliser un navigateur alternatif et le sécuriser (par exemple Firefox avec des modules complémentaires comme AdBlock, Noscript, WOT, etc...)

== == == == == == == == == == == == == == == == == == == == == ==

La sécurité de son PC, c'est quoi ? (par Malekal)

== == == == == == == == == == == == == == == == == == == == == ==

Bonne continuation
0
Réponse 4 / 4
sniper0891 Messages postés 208 Date d'inscription vendredi 26 février 2010 Statut Membre Dernière intervention 2 janvier 2014 16
11 déc. 2011 à 01:19
change de pc :D non plus sérieusement à tu essayer de formater ? (que la partition windows, si tu en as une bien sur)
-4