[Solved] malware Lkckclckl1i1i.com


[Solved] malware Lkckclckl1i1i.com

Post by strat333 » 01 Apr 2011, 22:26

Hello,

Configuration: Windows XP / Firefox 4.0 antivirus: ESET NOD32

The problem:
redirections and unwanted browser windows opening as soon as I am connected. The computer is also a bit sluggish.

Attempts:
I ran EMSISOFT, which was able to detect and remove several pieces of malware.
The problem continued.
So I ran Malwarebytes, which detected other critters and removed them.

However, the problem persists, though less frequently.

After my attempts with EMSISOFT and Malwarebytes, my antivirus, which detects nothing suspicious when I run it, nevertheless regularly raises an alert about a URL:
Lkckclckl1i1i.com

The alert comes up regularly, but if I look in ESET's event log, nothing is listed there.

Can someone help me?

Thank you
strat333
Beginner member

Posts: 32
Joined: 01 Apr 2011, 22:22


Re: malware Lkckclckl1i1i.com

Post by MoJac » 02 Apr 2011, 16:22

Problem being handled on another forum.

Topic reopened at the user's request ....
- Follow the instructions you are given.
- If you don't understand, ask for explanations again.
- No disinfection by private message.

MoJac
Super Moderator

Posts: 2697
Joined: 01 Dec 2008, 17:27
Location: Puy de Dôme

Re: malware Lkckclckl1i1i.com

Post by strat333 » 09 Apr 2011, 19:39

Hello

Someone had me do the following steps:

ZHPDiag, then TDSSKiller, then RogueKiller, then Malwarebytes: several rogues and fakes removed.
Here are the reports:
http://cjoint.com/?1ecqinzn8a8
http://cjoint.com/?1ectLQERhBe
http://cjoint.com/?0ecwzGqQQmv

Since then the computer is no longer sluggish, I no longer get antivirus alerts, and I no longer get browser windows opening or web redirections.

However, one problem persists:
From time to time a window opens; it shows the sign-up or home page of Hotmail or Yahoo mail. Here is a screenshot of what appears on my computer:
http://cjoint.com/?0eixPnoXWvp
The image is "live" and I can click in the text-box areas, but it isn't really a browser window; there is no address bar, for example.
It's not very clear, I know, but it's hard to explain.
It happens more often when I am watching a YouTube video, but that may just be a coincidence.

Thanks for your help

Re: malware Lkckclckl1i1i.com

Post by MoJac » 09 Apr 2011, 19:48

Good evening strat333,

We are going to take a closer look at all this ...

The first thing to do is to change all your passwords (MSN, e-mail accounts, ...).

- Follow the guidance given here to check the strength of your new passwords:

http://www.microsoft.com/canada/fr/atho ... ecker.mspx

- And here for creating a proper password:

http://www.microsoft.com/canada/fr/atho ... sword.mspx

Then, after updating, run another Malwarebytes' Anti-Malware scan and post the log if it finds anything.

Let us know whether changing the passwords has made the problems stop.

See you later

Re: malware Lkckclckl1i1i.com

Post by strat333 » 15 Apr 2011, 19:39

Hello
Sorry for the late reply, I was away for a few days.

I am not sure we understood each other... I don't have an e-mail problem; I can access my e-mail without any trouble, and nobody has hacked it (so far).
The screenshot I sent is not about my e-mail account. It is just, as I said, a window that opens by itself.
When you open a browser window, it is shown at the bottom of the screen on the taskbar with the browser's icon.
In the case of the window I am talking about, which opens by itself, its taskbar entry has a folder icon.

Malwarebytes and company find nothing.

Thanks

Re: malware Lkckclckl1i1i.com

Post by MoJac » 15 Apr 2011, 20:05

Good evening strat333,

OK. So we'll look for something else:

Download the following tool (by noahdfear) to your Desktop:
http://noahdfear.net/downloads/HAMeb_check.exe

> Run it. A report will appear on screen; copy/paste its contents here, in your reply.

Download OTL (OldTimer) to your Desktop:

- Close all open program windows.

- Double-click OTL.exe to launch the tool (XP).

Under Windows Vista/7, right-click OTL.exe and choose "Run as administrator" to launch the tool.

- OTL's main screen appears (screenshot in the original post).

(1) If not already done, in the "Registre: Approfondi" (extended registry) section, select the "Avec liste blanche" (with whitelist) radio button:

(2) Tick the box (at the top) in front of "Tous les utilisateurs" (all users):

NB: if the system is 64-bit, that option will appear here. Make sure it stays ticked.

(3) Very precisely select everything in bold with the mouse and copy/paste it into the "Personnalisation" (custom scan) box of the OTL window:

netsvcs
hklm\software\clients\startmenuinternet|command /rs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.dll /lockedfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
SAVEMBR:0
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
iexplore.exe
/md5stop


(4) Then click the "Analyse" (scan) button:

- Let the tool work without interrupting it.

  • When the tool has finished, two Notepad windows open containing OTL.Txt and Extras.Txt.
  • Select and copy the contents of these two files, one after the other, into your next reply (use several posts if needed).

So what is expected:

  • The HAMeb_check report
  • The OTL.txt and Extras.txt reports

See you later
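
The custom OTL scan above dumps every process, service, driver, BHO and netsvcs entry as one line, and the actual detection work happens when a helper reads that output and notices the odd entry, such as a DLL in system32 that carries no publisher name and is hooked as a service, a BHO and a netsvcs entry all at once. As an added example that is not part of this thread, of OTL or of the tools MoJac names, the Python below parses lines in OTL's report format and flags three things a reviewer looks for: a file with no publisher name loaded from a system directory, a service or driver running from a Temp folder, and a single file referenced by several different hook types. The sample lines are excerpted from the OTL.txt that strat333 posts further down in the thread; the function names and the flagging rules are this example's own.

```python
"""Triage helper for OTL-style scan reports (added example, not an OTL feature).

OTL (OldTimer) prints one line per entry. The fields this script relies on are
the ones visible in the report posted in the thread: the bracketed
[date | size | attrs | M] block, the publisher name in parentheses (empty when
the file carries no company name), the file path, and the registry name in
trailing parentheses.
"""
import re
from collections import defaultdict

# Lines excerpted from the OTL.txt posted in this thread, trimmed to a handful
# of entries so the example runs offline.
SAMPLE_REPORT = r"""
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/24 10:53:34 | 000,348,160 | ---- | M] () -- C:\Program Files\Creative\Shared Files\AVCManU.exe
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/25 13:11:44 | 000,739,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wllqaatc.dll -- (wqnkjdgs)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Admin\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {D57A861A-B272-E2CD-4316-D78CCC33D9C9} - C:\WINDOWS\system32\wllqaatc.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: wqnkjdgs - C:\WINDOWS\system32\wllqaatc.dll ()
"""

# PRC/SRV/DRV/MOD lines: [date | size | attrs | M] (Vendor) [state] -- path -- (name)
META_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \| [^|]+ \| \w\] "
    r"\((?P<vendor>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Service/driver entries whose file is missing on disk.
NOTFOUND_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] -- -- \((?P<name>[^)]*)\)$")
# Browser Helper Objects: O2 - BHO: (Title) - {CLSID} - path (Vendor)
BHO_RE = re.compile(r"^O2 - BHO: \((?P<title>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
# netsvcs group members: NetSvcs: name - path (Vendor)  |  NetSvcs: name - File not found
NETSVC_RE = re.compile(r"^NetSvcs: (?P<name>\S+) - (?:(?P<path>.+?) \((?P<vendor>[^)]*)\)|File not found)$")

# Kinds that persist code or hook the browser; a PRC line is only a running process.
HOOK_KINDS = {"SRV", "DRV", "O2", "NetSvcs"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\system\\")


def parse_line(line):
    """Return a dict describing one OTL entry, or None for lines this script does not model."""
    line = line.strip()
    m = META_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"] or "", "path": m["path"], "vendor": m["vendor"]}
    m = NOTFOUND_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"], "path": None, "vendor": None}
    m = BHO_RE.match(line)
    if m:
        return {"kind": "O2", "name": m["clsid"], "path": m["path"], "vendor": m["vendor"]}
    m = NETSVC_RE.match(line)
    if m:
        return {"kind": "NetSvcs", "name": m["name"], "path": m["path"], "vendor": m["vendor"]}
    return None


def parse_report(text):
    """Parse every recognised line of a report into entry dicts."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries):
    """Map each file path to the sorted list of reasons it deserves a closer look."""
    reasons = defaultdict(set)        # lower-cased path -> set of reasons
    display = {}                      # lower-cased path -> path as printed in the report
    kinds_by_path = defaultdict(set)  # lower-cased path -> hook kinds referencing it
    for e in entries:
        if e["kind"] not in HOOK_KINDS or not e["path"]:
            continue
        key = e["path"].lower()
        display.setdefault(key, e["path"])
        kinds_by_path[key].add(e["kind"])
        # Windows system binaries carry a company name; an empty "()" in system32 is unusual.
        if e["vendor"] == "" and any(d in key for d in SYSTEM_DIRS):
            reasons[key].add("no publisher name, loaded from a system directory")
        # Drivers/services from Temp are worth a look even when a self-extracting tool explains them.
        if "\\temp\\" in key and e["kind"] in ("SRV", "DRV"):
            reasons[key].add("loaded from a Temp directory")
    # One file hooked as service, BHO and netsvcs member at once is a strong persistence pattern.
    for key, kinds in kinds_by_path.items():
        if len(kinds) >= 2:
            reasons[key].add("referenced by %d different hook types: %s" % (len(kinds), ", ".join(sorted(kinds))))
    return {display[k]: sorted(v) for k, v in reasons.items()}


def flagged_files(text):
    """Convenience wrapper: report text in, {path: [reasons]} out."""
    return triage(parse_report(text))


if __name__ == "__main__":
    for path, why in flagged_files(SAMPLE_REPORT).items():
        print(path)
        for w in why:
            print("   -", w)
```

On the excerpt above the wllqaatc.dll entry collects both the missing-publisher reason and a three-way hook correlation (SRV, O2, NetSvcs), while the ESET files, which carry a publisher and live under Program Files, produce nothing; the SUPERAntiSpyware driver under Temp is listed as a review item, not a verdict, which is why the output is a list of reasons rather than a score.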

Re: malware Lkckclckl1i1i.com

Post by strat333 » 15 Apr 2011, 20:59

Here is the first report

C:\Documents and Settings\Admin\Desktop\EXE\NoahdFear\HAMeb_check.exe
15/04/2011 at 21:43:52,79

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

Re: malware Lkckclckl1i1i.com

Post by strat333 » 15 Apr 2011, 21:02

Next, OTL.txt

OTL logfile created on: 15/04/2011 21:48:02 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Desktop\EXE\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 507,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 14,88 Gb Free Space | 13,31% Space Free | Partition Type: NTFS
Drive E: | 14,95 Gb Total Space | 12,44 Gb Free Space | 83,22% Space Free | Partition Type: FAT32
Drive F: | 446,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 297,44 Gb Total Space | 2,51 Gb Free Space | 0,85% Space Free | Partition Type: NTFS

Computer Name: DAMIEN | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 21:38:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\EXE\OTL\OTL.exe
PRC - [2010/10/27 18:24:42 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2010/10/27 18:23:16 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2010/10/24 22:58:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/24 10:53:34 | 000,348,160 | ---- | M] () -- C:\Program Files\Creative\Shared Files\AVCManU.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/08/13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/06/24 04:26:10 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe
PRC - [2008/05/21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 12:28:58 | 000,774,144 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
PRC - [2008/03/30 12:28:58 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2007/04/02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2002/03/07 14:49:06 | 000,171,665 | ---- | M] (Compaq) -- C:\Program Files\COMPAQ\EAB\eabservr.exe
PRC - [2002/02/26 17:08:48 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/02/14 12:42:50 | 000,315,392 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2011/04/15 21:38:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\EXE\OTL\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/02/26 17:08:28 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 13:11:44 | 000,739,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wllqaatc.dll -- (wqnkjdgs)
SRV - [2010/10/27 18:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/09/12 15:30:52 | 000,251,248 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/05/21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/03/30 12:28:58 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/04/02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/08/30 12:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Admin\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Admin\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2005/12/21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/02/20 14:07:34 | 000,381,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/02/12 09:09:12 | 000,006,960 | ---- | M] (Compaq Computer Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EABFILTR.SYS -- (EABFiltr)
DRV - [2002/01/28 16:43:58 | 000,005,168 | ---- | M] (Compaq Computer Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EABUSB.SYS -- (eabusb)
DRV - [2002/01/16 14:48:54 | 000,054,222 | ---- | M] (Compaq Computer Corp) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
DRV - [2001/10/04 00:00:06 | 000,585,200 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 13:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [2001/08/17 13:47:42 | 000,023,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\zbxcgmab.sys -- (zbxcgmab)
DRV - [2001/08/17 13:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/07/16 11:17:30 | 000,076,610 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/16 11:16:58 | 000,539,917 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/07/15 18:05:54 | 000,067,222 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/03 17:42:30 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag)
DRV - [2001/06/24 17:16:36 | 000,427,215 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/06/24 17:16:08 | 000,124,189 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/06/24 17:15:20 | 000,215,195 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/06/24 17:14:18 | 000,059,375 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/06/24 17:13:56 | 000,308,403 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "www.google.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/24 22:59:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/21 18:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/10/18 01:35:19 | 000,000,000 | ---D | M]

[2010/12/22 23:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/12/22 23:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/04/07 20:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\lu69q6hy.default\extensions
[2011/04/03 17:42:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\lu69q6hy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/03 15:55:36 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\lu69q6hy.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/03/21 18:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU69Q6HY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/11/11 17:50:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/25 13:34:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/03/26 22:33:32 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {D57A861A-B272-E2CD-4316-D78CCC33D9C9} - C:\WINDOWS\system32\wllqaatc.dll ()
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe (Compaq)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Créer fichier PDF - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Ouvrir avec Nuance PDF Converter 5.0 - C:\Program Files\Nuance\PDF Professional 5\cnvres_fre.dll (Nuance Communications, Inc.)
O9 - Extra Button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\..Trusted Domains: localhost ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7284484411 (WUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maco ... _6_0_1.cab ("Ma-Config.com control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\compaq.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\compaq.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 23:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: wqnkjdgs - C:\WINDOWS\system32\wllqaatc.dll ()
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 19:06:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/04/04 22:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flight Test 5
[2011/04/04 22:32:26 | 000,000,000 | ---D | C] -- C:\FlightTest5
[2011/04/03 17:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\dwhelper
[2011/03/31 21:03:12 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2011/03/31 19:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/31 19:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
[2011/03/29 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Téléchargements
[2011/03/28 21:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2011/03/28 21:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/28 17:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/03/28 17:52:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/28 17:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 17:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/28 17:52:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/28 17:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/27 21:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\jla
[2011/03/26 15:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/26 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/25 15:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/25 15:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/25 14:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/25 14:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/23 23:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/23 23:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2011/03/23 18:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\e-Carte Bleue LCL
[2011/03/23 18:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\e-Carte Bleue LCL
[2011/03/23 14:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\FAA
[2011/03/21 19:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2011/03/21 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/20 01:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FAA Written Test Prep
[2011/03/20 01:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\GroundSchool
[2011/03/16 23:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Microsoft Office
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 21:49:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/15 17:59:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/15 17:56:57 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2111342016-995690780-1244716356-1005.job
[2011/04/15 17:56:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/04/15 17:56:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 17:56:38 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 15:46:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 17:42:57 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/10 17:34:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2111342016-995690780-1244716356-1005.job
[2011/04/04 22:32:33 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Study with Flight Test 5.lnk
[2011/04/04 19:18:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/02 16:00:02 | 000,058,981 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MORApdf.pdf
[2011/04/02 15:00:34 | 002,800,615 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\l_25420080920en00010238.pdf
[2011/04/02 13:56:42 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2011/04/02 13:56:42 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2011/04/02 12:41:26 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/04/02 12:37:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 21:31:18 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/03/29 21:40:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/28 21:03:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/28 17:52:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 00:23:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\csfchjac.dll
[2011/03/27 12:41:35 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 12:41:35 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 22:33:32 | 000,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/25 13:11:44 | 000,739,328 | ---- | M] () -- C:\WINDOWS\System32\wllqaatc.dll
[2011/03/23 18:52:02 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\e-Carte Bleue LCL.lnk
[2011/03/23 14:37:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/21 19:00:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/21 18:59:23 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Mozilla Firefox.lnk
[2011/03/20 01:21:00 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\GroundSchool.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 21:49:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/04/04 22:32:33 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Study with Flight Test 5.lnk
[2011/04/02 15:59:56 | 000,058,981 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MORApdf.pdf
[2011/04/02 15:00:21 | 002,800,615 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\l_25420080920en00010238.pdf
[2011/04/01 14:29:37 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/04/01 14:29:37 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/03/30 21:31:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/03/30 21:27:12 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2011/03/30 21:27:12 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2011/03/29 21:40:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/28 17:52:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 00:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\csfchjac.dll
[2011/03/25 14:09:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/25 13:12:09 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/03/25 13:11:43 | 000,739,328 | ---- | C] () -- C:\WINDOWS\System32\wllqaatc.dll
[2011/03/23 18:52:02 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\e-Carte Bleue LCL.lnk
[2011/03/22 17:15:21 | 000,116,632 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\permanences_d_accueil_01.pdf
[2011/03/21 19:00:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/21 18:59:23 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Mozilla Firefox.lnk
[2011/03/21 18:59:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/20 01:21:00 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\GroundSchool.lnk
[2011/03/11 23:26:22 | 000,000,067 | ---- | C] () -- C:\WINDOWS\contact.ini
[2010/11/29 21:16:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/26 13:30:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/10/24 18:05:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/24 18:04:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/24 18:04:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/24 18:04:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/23 13:23:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/21 08:38:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/21 08:22:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/18 01:20:13 | 000,004,692 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/10/18 01:17:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/18 01:04:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/10/18 01:04:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Aud2Full.exe
[2010/10/17 15:44:05 | 000,004,511 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/10/17 15:44:01 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/10/17 15:43:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/10/17 15:42:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/10/17 15:42:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/10/17 15:11:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/10/17 15:10:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2010/10/17 03:01:44 | 000,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/03 23:25:48 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Systemag.ini
[2001/09/16 22:24:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/09/16 22:21:26 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/16 22:15:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/09/16 22:11:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/09/16 22:10:12 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/09/16 22:10:12 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/17 13:47:42 | 000,150,784 | ---- | C] () -- C:\WINDOWS\System32\jipijpbr.dat
[2001/08/17 13:47:42 | 000,135,936 | ---- | C] () -- C:\WINDOWS\System32\qjtaokeu.dat
[2001/08/17 13:47:42 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\dwdmyvvt.dat
[2001/08/17 13:47:42 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\itionchj.dat
[2001/08/17 13:47:42 | 000,039,680 | ---- | C] () -- C:\WINDOWS\System32\agtfkxhc.dat
[2001/08/17 13:47:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\oqwcqfzz.dat
[2001/08/17 13:47:42 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\jsxstzph.dat
[2001/08/17 13:47:42 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\vjtcwkow.dat
[2001/08/17 13:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 13:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 13:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 14:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 14:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe

========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 19:58:49 | 000,713,760 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 19:58:49 | 000,713,760 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 19:58:49 | 000,713,760 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/18 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/18 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 14:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 14:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 14:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/07/21 18:44:20 | 000,090,112 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\*.* >
[2011/03/31 21:05:07 | 000,000,477 | ---- | M] () -- C:\Ad-Report-CLEAN[1].txt
[2011/03/31 21:31:19 | 000,000,476 | ---- | M] () -- C:\Ad-Report-SCAN[1].txt
[2011/04/02 14:06:44 | 000,000,476 | ---- | M] () -- C:\Ad-Report-SCAN[2].txt
[2011/03/28 21:03:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/17 15:54:46 | 000,000,333 | -H-- | M] () -- C:\BOOTLOG.TXT
[2011/04/15 17:56:38 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/08 22:44:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/08 22:44:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/20 06:44:51 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/10/20 07:14:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/15 17:56:37 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2011/04/15 21:49:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/02 12:04:25 | 000,002,134 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.04.2011_12.03.44_log.txt
[2011/04/02 12:06:30 | 000,043,990 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.04.2011_12.04.37_log.txt
[2011/04/02 14:06:15 | 000,002,134 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.04.2011_14.06.06_log.txt
[2011/04/06 20:47:27 | 000,043,350 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_06.04.2011_20.46.46_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2001/09/16 22:01:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2001/09/16 22:01:00 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2001/09/16 22:01:00 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 05:41:54 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2010/12/21 01:59:19 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 15:05:49


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 09:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

< MD5 for: IEXPLORE.EXE >
[2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/04 00:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2004/08/04 09:56:50 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\iexplore.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 09:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 09:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 09:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
strat333
Beginner forum member
Posts: 32
Registered: 01 Apr 2011, 22:22

Re: malware Lkckclckl1i1i.com

Post by strat333 » 15 Apr 2011, 21:03

Extras.txt

OTL Extras logfile created on: 15/04/2011 21:48:02 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Desktop\EXE\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 507,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 14,88 Gb Free Space | 13,31% Space Free | Partition Type: NTFS
Drive E: | 14,95 Gb Total Space | 12,44 Gb Free Space | 83,22% Space Free | Partition Type: FAT32
Drive F: | 446,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 297,44 Gb Total Space | 2,51 Gb Free Space | 0,85% Space Free | Partition Type: NTFS

Computer Name: DAMIEN | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2111342016-995690780-1244716356-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2861:TCP" = 2861:TCP:LocalSubNet:Enabled:Creative Centrale TCP Port 2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe" = C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe:LocalSubNet:Enabled:Creative Centrale Media Server Component -- (Creative Technology Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06477AA4-5F5B-4B8A-BFC3-52ACEC893F05}" = Nuance PDF Professional 5
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D6B54EF-65E4-4624-8709-03A3BBE2C240}" = e-Carte Bleue LCL
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60451544-C17E-4057-9273-5F10176472BD}" = Creative ZEN X-Fi Video Converter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{96EB95A2-5245-4EA2-B6EA-B8BA2FBF64C4}" = Ma-Config.com
"{9835CDDD-B133-401B-8336-D8FAA9970F7D}" = ESET NOD32 Antivirus
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.3 - Français
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C910A7-0B89-4260-8845-FE221D9285E8}_is1" = PC Chrono 1.1.0.6
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Compaq Wizard Host Online" = Compaq Wizard Host Online
"Creative Centrale" = Creative Centrale
"Creative ZEN X-Fi Video Converter" = Creative ZEN X-Fi Video Converter
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Easy Access Buttons" = Compaq Easy Access Buttons 3.00 A9
"Flight Test 5 " = Flight Test 5
"GroundSchool - Airline Transport Pilot (ATP)_is1" = GroundSchool - Airline Transport Pilot (ATP)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 fr)" = Mozilla Firefox 4.0 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Drivers_is1" = My Drivers 5.00
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealPlayer 12.0" = RealPlayer
"Setup Compaq Software" = Setup Compaq Software
"SmartPCRecorder" = Smart PC Recorder - by freebird
"SynTPDeinstKey" = Synaptics TouchPad
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VLC media player" = VLC media player 1.1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Logiciel d'archivage WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZENX-FI" = Creative ZEN X-Fi User's Guide
"ZHPDiag_is1" = ZHPDiag 1.25

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2111342016-995690780-1244716356-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/04/2011 15:48:43 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 01/04/2011 15:48:43 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/04/2011 15:58:45 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 01/04/2011 15:58:45 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/04/2011 05:54:05 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 02/04/2011 05:54:06 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/04/2011 05:54:19 | Computer Name = DAMIEN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 02/04/2011 06:04:07 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 02/04/2011 06:04:07 | Computer Name = DAMIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/04/2011 08:39:14 | Computer Name = DAMIEN | Source = Application Hang | ID = 1002
Description = Hanging application ADR.exe, version 2.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 06/04/2011 10:05:47 | Computer Name = DAMIEN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf0546ce, parameter3
af695bc0, parameter4 00000000.

Error - 06/04/2011 10:59:25 | Computer Name = DAMIEN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf0546ce, parameter3
af515bc0, parameter4 00000000.

Error - 06/04/2011 13:38:33 | Computer Name = DAMIEN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf0546ce, parameter3
af1e2bc0, parameter4 00000000.

Error - 06/04/2011 14:49:22 | Computer Name = DAMIEN | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 07/04/2011 11:28:47 | Computer Name = DAMIEN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf0546ce, parameter3
aff46bc0, parameter4 00000000.

Error - 10/04/2011 11:44:01 | Computer Name = DAMIEN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf0546ce, parameter3
af3ccbc0, parameter4 00000000.

Error - 14/04/2011 04:26:16 | Computer Name = DAMIEN | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%5 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 14/04/2011 04:26:16 | Computer Name = DAMIEN | Source = Service Control Manager | ID = 7000
Description = The Universal Plug and Play Device Host service failed to start due
to the following error: %%1069

Error - 14/04/2011 04:26:16 | Computer Name = DAMIEN | Source = Service Control Manager | ID = 7001
Description = The Creative Centrale Media Server service depends on the Universal
Plug and Play Device Host service which failed to start because of the following
error: %%1069

Error - 14/04/2011 14:47:54 | Computer Name = DAMIEN | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
strat333
Beginner forum member

Posts: 32
Joined: 01 Apr 2011, 22:22

Re: malware Lkckclckl1i1i.com

Post by MoJac » 16 Apr 2011, 07:34

Hello strat333,

Have the file below analysed on VirusTotal.com.

C:\WINDOWS\system32\wllqaatc.dll


To analyse a file:
  • Click the Browse (Parcourir) button and, in the window that opens (the tree of your hard drive), find the file in question.
    Then click Send File (Envoyer le Fichier).
  • Your file will be placed in a queue: "Your file is in the queue at position: ..."
    Wait for the file to be analysed. This can take a little while if the server is overloaded.

    (If VirusTotal indicates that the file has already been analysed ("File already submitted"), click the "Reanalyse file now" button.)
  • At the end of the analysis, under Current status, you should see: Finished
    Copy and paste the contents of the report into your next reply.

NB: The analysis can be launched from IE or Firefox.
MoJac
Super Moderator

Posts: 2697
Joined: 01 Dec 2008, 17:27
Location: Puy de Dôme

Re: malware Lkckclckl1i1i.com

Post by strat333 » 16 Apr 2011, 11:02

Here is the report


Antivirus Version Last Update Result
AhnLab-V3 2011.04.16.00 2011.04.16 -
AntiVir 7.11.6.143 2011.04.15 TR/Spy.739328.7
Antiy-AVL 2.0.3.7 2011.04.16 -
Avast 4.8.1351.0 2011.04.15 Win32:Kryptik-BAN
Avast5 5.0.677.0 2011.04.15 Win32:Kryptik-BAN
AVG 10.0.0.1190 2011.04.16 -
BitDefender 7.2 2011.04.16 Gen:Trojan.Heur.TC8ayGVarRic
CAT-QuickHeal 11.00 2011.04.16 -
ClamAV 0.97.0.0 2011.04.16 -
Commtouch 5.2.11.5 2011.04.15 W32/Boaxxe.F.gen!Eldorado
Comodo 8361 2011.04.16 -
DrWeb 5.0.2.03300 2011.04.16 -
Emsisoft 5.1.0.5 2011.04.16 Gen.Trojan.Heur!IK
eSafe 7.0.17.0 2011.04.15 -
eTrust-Vet 36.1.8274 2011.04.15 Win32/Boaxxe.GA
F-Prot 4.6.2.117 2011.04.15 W32/Boaxxe.F.gen!Eldorado
F-Secure 9.0.16440.0 2011.04.15 Gen:Trojan.Heur.TC8ayGVarRic
Fortinet 4.2.257.0 2011.04.16 -
GData 22 2011.04.16 Gen:Trojan.Heur.TC8ayGVarRic
Ikarus T3.1.1.103.0 2011.04.16 Gen.Trojan.Heur
Jiangmin 13.0.900 2011.04.16 -
K7AntiVirus 9.96.4398 2011.04.15 Riskware
Kaspersky 7.0.0.125 2011.04.16 -
McAfee 5.400.0.1158 2011.04.16 Suspect-AB!2361C9F2FC98
McAfee-GW-Edition 2010.1D 2011.04.16 -
Microsoft 1.6702 2011.04.16 -
NOD32 6045 2011.04.16 a variant of Win32/Boaxxe.B
Norman 6.07.07 2011.04.15 W32/Crypt.AVAJ
Panda 10.0.3.5 2011.04.16 -
PCTools 7.0.3.5 2011.04.16 -
Prevx 3.0 2011.04.16 Medium Risk Malware
Rising 23.53.05.03 2011.04.16 -
Sophos 4.64.0 2011.04.16 -
SUPERAntiSpyware 4.40.0.1006 2011.04.16 PotentiallyUnwanted.TioIE
Symantec 20101.3.2.89 2011.04.16 -
TheHacker 6.7.0.1.175 2011.04.16 Backdoor/Turkojan.mqo
TrendMicro 9.200.0.1012 2011.04.16 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.16 -
VBA32 3.12.16.0 2011.04.15 Trojan.Agent.hqeg
VIPRE 9027 2011.04.16 -
ViRobot 2011.4.16.4414 2011.04.16 -
VirusBuster 13.6.307.0 2011.04.15 -
Additional information
MD5 : 2361c9f2fc98dfdcdee736a8f66fb75b
SHA1 : d3120fe9593de468d25394a161c0f029f2466f0f
SHA256: cfb77b5e45044ee44635c416969c91c3be920f1a1fc66e87c96cc36757f578bf
ssdeep: 12288:ZGkKmIHLYCaWpXzU4fE1d1xs0Yfv0zAWFuhlCXRbmqky4mbdJ2I3ZvY59OhOuB41:EmcNaWpY9AWoyXFmqk3mb7JvY59O0uB4
File size : 739328 bytes
First seen: 2011-04-16 09:50:42
Last seen : 2011-04-16 09:50:42
TrID:
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: zebbwzajut Corporation
copyright....: (c) zebbwzajut Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: tioieija DLL
original name: tioieija.dll
internal name: tioieija
file version.: 5.1.2600.5167
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x182000
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x19000, 0x15C00, 7.93, 935cbf106931123809aeb6651df7faa4
.edata, 0x1A000, 0x2000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.rsrc, 0x1C000, 0x3AC, 0x400, 3.71, 106073c8dc25b2c78fdaa6119499eb51
.idata , 0x1D000, 0x1000, 0x200, 1.31, 26dcd5c0b64cf1c9a0e0711c9835579b
, 0x1E000, 0xC7000, 0x200, 0.26, 992a4de228028566e9df036765deb6a6
esvfktmq, 0xE5000, 0x9D000, 0x9D000, 7.91, 170ad980be8e6eb295e6a535447c3c61
orjdbrua, 0x182000, 0x1000, 0x200, 3.26, deeafc79e7c226225cf1ccff7e3e9224

[[ 2 import(s) ]]
kernel32.dll: lstrcpy
comctl32.dll: InitCommonControls

[[ 7 export(s) ]]
DllCanUnloadNow, DllGetClassObject, Locgkbl, DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain
Prevx Info:
http://info.prevx.com/aboutprogramtext. ... 0029E6D247
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 15360
CompanyName: zebbwzajut Corporation
EntryPoint: 0x182000
FileDescription: tioieija DLL
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 722 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 5.1.2600.5167
FileVersionNumber: 5.1.2600.5167
ImageVersion: 0.0
InitializedDataSize: 80896
InternalName: tioieija
LanguageCode: English (U.S.)
LegalCopyright: zebbwzajut Corporation. All rights reserved.
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: tioieija.dll
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.5167
ProductVersionNumber: 5.1.2600.5167
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!
strat333
Beginner forum member

Posts: 32
Joined: 01 Apr 2011, 22:22
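The report above is read from a handful of fields rather than from the detection names alone: how many engines flag the file, a product string claiming Microsoft next to an unsigned, unrelated publisher, a 1992 compile timestamp on a file claiming a Windows XP version, unnamed or high-entropy sections, an import table of two functions for a 739 KB DLL, and an export set that lets one DLL load both as a service and as a BHO. As an added example (not part of this thread and not a VirusTotal tool), the Python script below parses a pasted VirusTotal text report of this layout and lists those indicators. The sample text is a subset of the report posted above; the thresholds (entropy 7.0, three imports or fewer) are assumptions chosen for illustration.

```python
# Added example, not code from the thread: triage of a pasted VirusTotal text report.
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AntiVir 7.11.6.143 2011.04.15 TR/Spy.739328.7
McAfee 5.400.0.1158 2011.04.16 Suspect-AB!2361C9F2FC98
Microsoft 1.6702 2011.04.16 -
NOD32 6045 2011.04.16 a variant of Win32/Boaxxe.B
sigcheck:
publisher....: zebbwzajut Corporation
product......: Microsoft_ Windows_ Operating System
file version.: 5.1.2600.5167
verified.....: Unsigned
PEInfo: PE structure information
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x19000, 0x15C00, 7.93, 935cbf106931123809aeb6651df7faa4
.rsrc, 0x1C000, 0x3AC, 0x400, 3.71, 106073c8dc25b2c78fdaa6119499eb51
esvfktmq, 0xE5000, 0x9D000, 0x9D000, 7.91, 170ad980be8e6eb295e6a535447c3c61
orjdbrua, 0x182000, 0x1000, 0x200, 3.26, deeafc79e7c226225cf1ccff7e3e9224
[[ 2 import(s) ]]
kernel32.dll: lstrcpy
comctl32.dll: InitCommonControls
[[ 7 export(s) ]]
DllCanUnloadNow, DllGetClassObject, Locgkbl, DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain
"""  # constructed sample: a subset of the lines from the report posted above

@dataclass
class Report:
    detections: dict = field(default_factory=dict)  # engine -> result, "-" means clean
    sigcheck: dict = field(default_factory=dict)    # version-info fields from the sigcheck block
    timestamp_year: int = 0                         # PE compile timestamp year, 0 if absent
    sections: list = field(default_factory=list)    # (name, entropy) pairs
    imports: list = field(default_factory=list)     # "dll: symbol" lines
    exports: list = field(default_factory=list)

SIG_RE = re.compile(r"^([a-z ]+?)\.*: (.*)$")  # "publisher....: X" -> ("publisher", "X")

def parse_report(text: str) -> Report:
    """Walk the report line by line; header lines switch the block being parsed."""
    rep, mode = Report(), None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Antivirus Version"):
            mode = "av"
        elif line.startswith("sigcheck:"):
            mode = "sig"
        elif line.startswith("name, viradd"):
            mode = "sec"
        elif line.startswith("[["):
            mode = "imp" if "import" in line else "exp" if "export" in line else None
        elif line.startswith("Additional information") or line.endswith(":"):
            mode = None  # "TrID:", "Prevx Info:", "ExifTool:" open blocks not parsed here
        elif line.startswith("timedatestamp"):
            m = re.search(r"(\d{4})\)", line)
            rep.timestamp_year = int(m.group(1)) if m else 0
        elif mode == "av" and len(parts := line.split(None, 3)) == 4:
            rep.detections[parts[0]] = parts[3]  # engine, version, update date, result
        elif mode == "sig" and (m := SIG_RE.match(line)):
            rep.sigcheck[m.group(1)] = m.group(2)
        elif mode == "sec" and len(parts := [p.strip() for p in line.split(",")]) == 6:
            rep.sections.append((parts[0], float(parts[4])))  # name may be empty
        elif mode == "imp" and line:
            rep.imports.append(line)
        elif mode == "exp" and line:
            rep.exports.extend(e.strip() for e in line.split(","))
    return rep

def detection_ratio(rep: Report) -> tuple:
    flagged = sum(1 for r in rep.detections.values() if r != "-")
    return flagged, len(rep.detections)

def indicators(rep: Report) -> list:
    """Reasons a helper would weigh; thresholds (entropy 7.0, <=3 imports) are assumptions."""
    found, (flagged, total) = [], detection_ratio(rep)
    pub, prod = rep.sigcheck.get("publisher", ""), rep.sigcheck.get("product", "")
    if flagged:
        found.append(f"{flagged}/{total} engines flag the file")
    if "microsoft" in prod.lower() and "microsoft" not in pub.lower():
        found.append(f"claims a Microsoft product but the publisher is '{pub}'")
    if rep.sigcheck.get("verified", "").lower() == "unsigned":
        found.append("unsigned (genuine Microsoft OS binaries carry a signature)")
    if 0 < rep.timestamp_year < 2001 and rep.sigcheck.get("file version", "").startswith("5.1"):
        found.append(f"compile timestamp {rep.timestamp_year} predates Windows XP (version 5.1)")
    packed = [f"{n or '<unnamed>'}={h}" for n, h in rep.sections if h >= 7.0]
    if packed:
        found.append("high-entropy (packed/encrypted) sections: " + ", ".join(packed))
    odd = [n or "<unnamed>" for n, _ in rep.sections if not n.startswith(".")]
    if odd:
        found.append("non-standard section names: " + ", ".join(odd))
    if 0 < len(rep.imports) <= 3:
        found.append(f"only {len(rep.imports)} imports: the real API table is probably resolved at run time")
    if {"ServiceMain", "DllRegisterServer"} <= set(rep.exports):
        found.append("exports ServiceMain and DllRegisterServer: loadable as a service and as a COM object/BHO")
    return found
```

Run `indicators(parse_report(SAMPLE_REPORT))` to get the list of reasons; the last two map directly onto the OTL entries that the next post removes (a service and an IE BHO pointing at the same DLL).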

Re: malware Lkckclckl1i1i.com

Post by MoJac » 16 Apr 2011, 11:35

RE:

Let's go:

New run of OTL (by OldTimer), but in cleaning mode this time:

  • Double-click OTL.exe to launch the tool.

    Or right-click and Run as Administrator under Vista/Seven.
  • Select very precisely everything in bold with the mouse and copy the contents into the "Personnalisation" (Custom Scans/Fixes) area of the OTL window:


    :OTL
    SRV - [2011/03/25 13:11:44 | 000,739,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wllqaatc.dll -- (wqnkjdgs)
    O2 - BHO: () - {D57A861A-B272-E2CD-4316-D78CCC33D9C9} - C:\WINDOWS\system32\wllqaatc.dll ()
    O3 - HKU\S-1-5-21-2111342016-995690780-1244716356-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/04/10 17:42:57 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/03/25 13:11:44 | 000,739,328 | ---- | M] () -- C:\WINDOWS\System32\wllqaatc.dll
    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

  • Close all open program windows (browser, word processor, etc.).
    Click the Correction (Run Fix) button.

    Note: If a restart is requested, click Oui/Yes.

    Download Security Check by screen317 and save it to your Desktop.

    • Double-click Security Check.exe to run it (or right-click and run as administrator if you are on Vista).
    • Follow the instructions shown on screen.

      During the "DNS Vulnerability Check / Vulnérabilité DNS" phase, the DIG.exe process will ask for an outbound connection, which must be allowed.

    • A text document called checkup.txt will open automatically in Notepad.
    • Post its contents in your next reply.

    Relaunch OTL and click Analyse Rapide (Quick Scan).

    A (fairly short) report will be produced.
  • On restart, Notepad will open with the contents of the OTL.txt file.

    The reports expected are therefore:

    • The OTL disinfection report
    • The Security Check report
    • The last OTL check report

    Do you still have problems?

    See you later.

  • Post its contents.
MoJac
Super Moderator

Posts: 2697
Joined: 01 Dec 2008, 17:27
Location: Puy de Dôme
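The fix script above picks out of the OTL log the lines a helper treats as suspicious: an entry whose publisher field is empty `()`, a file sitting in the Windows directory, a random-looking file or service name, a modification date inside OTL's 30-day file-age window, and the same DLL registered both as a service (SRV) and as an IE BHO (O2). As an added example (not part of this thread and not OldTimer's code), the Python script below parses OTL-style SRV, O2 and file lines and applies those heuristics, grouping by path so that the cross-reference between the service and the BHO shows up. The sample lines are copied from the log posted in this thread (the ESET and Skype lines are there as benign controls); the 30-day window mirrors OTL's "File Age = 30 Days" setting, and the vowel-ratio test for random names is an illustrative assumption.

```python
# Added example, not OldTimer's code: heuristic triage of OTL log lines.
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - [2011/03/25 13:11:44 | 000,739,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wllqaatc.dll -- (wqnkjdgs)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
O2 - BHO: () - {D57A861A-B272-E2CD-4316-D78CCC33D9C9} - C:\WINDOWS\system32\wllqaatc.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
[2011/04/10 17:42:57 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
"""
LOG_DATE = date(2011, 4, 16)  # date on which the log above was produced

@dataclass
class Entry:
    kind: str              # "SRV" (service), "O2" (IE BHO) or "FILE"
    mdate: Optional[date]  # modification date from the [..] bracket, None for O2 lines
    company: str           # publisher shown in parentheses, "" when OTL found none
    path: str
    name: str              # service name, BHO name/CLSID or file name

SRV_RE = re.compile(r"^SRV - \[(\d{4})/(\d{2})/(\d{2})[^\]]*\] \(([^)]*)\) \[[^\]]*\] -- (.+?) -- \((.*)\)$")
O2_RE = re.compile(r"^O2 - BHO: \(([^)]*)\) - (\{[0-9A-Fa-f-]+\}) - (.+?) \(([^)]*)\)$")
FILE_RE = re.compile(r"^\[(\d{4})/(\d{2})/(\d{2})[^\]]*\] \(([^)]*)\) -- (.+)$")

def parse_otl(text: str) -> list:
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := SRV_RE.match(line):
            y, mo, d, company, path, svc = m.groups()
            entries.append(Entry("SRV", date(int(y), int(mo), int(d)), company, path, svc))
        elif m := O2_RE.match(line):
            name, clsid, path, company = m.groups()
            entries.append(Entry("O2", None, company, path, name or clsid))
        elif m := FILE_RE.match(line):
            y, mo, d, company, path = m.groups()
            entries.append(Entry("FILE", date(int(y), int(mo), int(d)), company, path, path.rsplit("\\", 1)[-1]))
    return entries

def looks_random(name: str) -> bool:
    """Crude test (assumption): 8+ letters with few vowels, as in wllqaatc / wqnkjdgs."""
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in "aeiouy" for c in stem) / len(stem) < 0.3

def triage(text: str, log_date: date, max_age_days: int = 30) -> dict:
    """Group entries by path and collect the reasons each path looks suspicious."""
    by_path = defaultdict(list)
    for e in parse_otl(text):
        by_path[e.path.lower()].append(e)
    findings = {}
    for path, group in by_path.items():
        reasons = []
        if all(e.company == "" for e in group):
            reasons.append("no publisher name")
        if "\\windows\\" in path and any(e.company == "" for e in group):
            reasons.append("unattributed file inside the Windows directory")
        names = {e.name for e in group} | {path.rsplit("\\", 1)[-1]}
        if any(looks_random(n) for n in names):
            reasons.append("random-looking file or service name")
        dates = [e.mdate for e in group if e.mdate]
        if dates and (log_date - max(dates)).days <= max_age_days:
            reasons.append(f"modified within {max_age_days} days of the log")
        if {"SRV", "O2"} <= {e.kind for e in group}:
            reasons.append("same DLL loaded both as a service and as an IE BHO")
        if reasons:
            findings[group[0].path] = reasons
    return findings

def triage_sample() -> dict:
    return triage(SAMPLE_LOG, LOG_DATE)

if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(path, "->", "; ".join(reasons))
```

Against the sample, wllqaatc.dll collects all five reasons and At1.job three, while the ESET service and the Skype BHO collect none; that ordering is exactly what the fix script above acts on.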

Re: malware Lkckclckl1i1i.com

Post by strat333 » 16 Apr 2011, 20:52

Here is the Security Check report


Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.3 - Français
Out of date Adobe Reader installed!
Mozilla Firefox (x86 fr..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
strat333
Beginner forum member

Posts: 32
Joined: 01 Apr 2011, 22:22

Re: malware Lkckclckl1i1i.com

Post by strat333 » 16 Apr 2011, 20:58

OTL report


OTL logfile created on: 16/04/2011 21:52:59 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Desktop\EXE\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 302,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 14,26 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Drive F: | 446,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 297,44 Gb Total Space | 2,51 Gb Free Space | 0,85% Space Free | Partition Type: NTFS

Computer Name: DAMIEN | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 21:38:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\EXE\OTL\OTL.exe
PRC - [2010/10/27 18:24:42 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2010/10/27 18:23:16 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2010/10/24 22:58:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/24 10:53:34 | 000,348,160 | ---- | M] () -- C:\Program Files\Creative\Shared Files\AVCManU.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/08/13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/06/24 04:26:10 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe
PRC - [2008/05/21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 12:28:58 | 000,774,144 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
PRC - [2008/03/30 12:28:58 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2007/04/02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2002/03/07 14:49:06 | 000,171,665 | ---- | M] (Compaq) -- C:\Program Files\COMPAQ\EAB\eabservr.exe
PRC - [2002/02/26 17:08:48 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/02/14 12:42:50 | 000,315,392 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2011/04/15 21:38:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\EXE\OTL\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/02/26 17:08:28 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 13:11:44 | 000,739,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wllqaatc.dll -- (wqnkjdgs)
SRV - [2010/10/27 18:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/09/12 15:30:52 | 000,251,248 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/05/21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/03/30 12:28:58 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/04/02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Documents and Settings\Admin\Desktop\EXE\Tune up\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/08/30 12:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2005/12/21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/02/20 14:07:34 | 000,381,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/02/12 09:09:12 | 000,006,960 | ---- | M] (Compaq Computer Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EABFILTR.SYS -- (EABFiltr)
DRV - [2002/01/28 16:43:58 | 000,005,168 | ---- | M] (Compaq Computer Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EABUSB.SYS -- (eabusb)
DRV - [2002/01/16 14:48:54 | 000,054,222 | ---- | M] (Compaq Computer Corp) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
DRV - [2001/10/04 00:00:06 | 000,585,200 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 13:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [2001/08/17 13:47:42 | 000,023,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\zbxcgmab.sys -- (zbxcgmab)
DRV - [2001/08/17 13:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/07/16 11:17:30 | 000,076,610 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/16 11:16:58 | 000,539,917 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/07/15 18:05:54 | 000,067,222 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/03 17:42:30 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag)
DRV - [2001/06/24 17:16:36 | 000,427,215 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/06/24 17:16:08 | 000,124,189 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/06/24 17:15:20 | 000,215,195 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/06/24 17:14:18 | 000,059,375 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/06/24 17:13:56 | 000,308,403 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "www.google.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/24 22:59:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/21 18:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/10/18 01:35:19 | 000,000,000 | ---D | M]

[2010/12/22 23:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/12/22 23:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/04/07 20:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\lu69q6hy.default\extensions
[2011/04/03 17:42:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\lu69q6hy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/03 15:55:36 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\lu69q6hy.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/03/21 18:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU69Q6HY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/11/11 17:50:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/25 13:34:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/03/26 22:33:32 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {D57A861A-B272-E2CD-4316-D78CCC33D9C9} - C:\WINDOWS\system32\wllqaatc.dll ()
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe (Compaq)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Créer fichier PDF - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Ouvrir avec Nuance PDF Converter 5.0 - C:\Program Files\Nuance\PDF Professional 5\cnvres_fre.dll (Nuance Communications, Inc.)
O9 - Extra Button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7284484411 (WUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maco ... _6_0_1.cab ("Ma-Config.com control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\compaq.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\compaq.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 23:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 14:34:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/16 11:29:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/04/04 22:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flight Test 5
[2011/04/04 22:32:26 | 000,000,000 | ---D | C] -- C:\FlightTest5
[2011/04/03 17:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\dwhelper
[2011/03/31 21:03:12 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2011/03/31 19:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/31 19:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
[2011/03/29 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Téléchargements
[2011/03/28 21:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2011/03/28 21:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/28 17:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/03/28 17:52:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/28 17:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 17:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/28 17:52:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/28 17:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/27 21:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\jla
[2011/03/26 15:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/26 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/25 15:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/25 15:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/25 14:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/25 14:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/23 23:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/23 23:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2011/03/23 18:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\e-Carte Bleue LCL
[2011/03/23 18:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\e-Carte Bleue LCL
[2011/03/23 14:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\FAA
[2011/03/21 19:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2011/03/21 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/20 01:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FAA Written Test Prep
[2011/03/20 01:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\GroundSchool

========== Files - Modified Within 30 Days ==========

[2011/04/16 19:45:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2111342016-995690780-1244716356-1005.job
[2011/04/16 19:45:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/04/16 19:45:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/16 19:45:02 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/16 14:10:13 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/16 12:41:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/04/16 09:31:08 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 23:48:44 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 23:48:44 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 21:49:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/12 15:46:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 17:34:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2111342016-995690780-1244716356-1005.job
[2011/04/04 22:32:33 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Study with Flight Test 5.lnk
[2011/04/04 19:18:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/02 16:00:02 | 000,058,981 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MORApdf.pdf
[2011/04/02 15:00:34 | 002,800,615 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\l_25420080920en00010238.pdf
[2011/04/02 13:56:42 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2011/04/02 13:56:42 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2011/04/02 12:37:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 21:31:18 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/03/29 21:40:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/28 21:03:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/28 17:52:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 00:23:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\csfchjac.dll
[2011/03/26 22:33:32 | 000,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/25 13:11:44 | 000,739,328 | ---- | M] () -- C:\WINDOWS\System32\wllqaatc.dll
[2011/03/23 18:52:02 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\e-Carte Bleue LCL.lnk
[2011/03/23 14:37:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/21 19:00:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/21 18:59:23 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Mozilla Firefox.lnk
[2011/03/20 01:21:00 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\GroundSchool.lnk

========== Files Created - No Company Name ==========

[2011/04/15 21:49:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/04/04 22:32:33 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Study with Flight Test 5.lnk
[2011/04/02 15:59:56 | 000,058,981 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MORApdf.pdf
[2011/04/02 15:00:21 | 002,800,615 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\l_25420080920en00010238.pdf
[2011/04/01 14:29:37 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/04/01 14:29:37 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/03/30 21:31:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/03/30 21:27:12 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2011/03/30 21:27:12 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2011/03/29 21:40:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/28 17:52:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 00:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\csfchjac.dll
[2011/03/25 14:09:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/25 13:11:43 | 000,739,328 | ---- | C] () -- C:\WINDOWS\System32\wllqaatc.dll
[2011/03/23 18:52:02 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\e-Carte Bleue LCL.lnk
[2011/03/22 17:15:21 | 000,116,632 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\permanences_d_accueil_01.pdf
[2011/03/21 19:00:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/21 18:59:23 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Mozilla Firefox.lnk
[2011/03/21 18:59:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/20 01:21:00 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\GroundSchool.lnk
[2011/03/11 23:26:22 | 000,000,067 | ---- | C] () -- C:\WINDOWS\contact.ini
[2010/11/29 21:16:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/26 13:30:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/10/24 18:05:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/24 18:04:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/24 18:04:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/24 18:04:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/23 13:23:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/21 08:38:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/21 08:22:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/18 01:20:13 | 000,004,692 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/10/18 01:17:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/18 01:04:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/10/18 01:04:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Aud2Full.exe
[2010/10/17 15:44:05 | 000,004,511 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/10/17 15:44:01 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/10/17 15:43:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/10/17 15:42:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/10/17 15:42:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/10/17 15:11:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/10/17 15:10:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2010/10/17 03:01:44 | 000,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/03 23:25:48 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Systemag.ini
[2001/09/16 22:24:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/09/16 22:21:26 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/16 22:15:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/09/16 22:11:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/09/16 22:10:12 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/09/16 22:10:12 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/17 13:47:42 | 000,150,784 | ---- | C] () -- C:\WINDOWS\System32\jipijpbr.dat
[2001/08/17 13:47:42 | 000,135,936 | ---- | C] () -- C:\WINDOWS\System32\qjtaokeu.dat
[2001/08/17 13:47:42 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\dwdmyvvt.dat
[2001/08/17 13:47:42 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\itionchj.dat
[2001/08/17 13:47:42 | 000,039,680 | ---- | C] () -- C:\WINDOWS\System32\agtfkxhc.dat
[2001/08/17 13:47:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\oqwcqfzz.dat
[2001/08/17 13:47:42 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\jsxstzph.dat
[2001/08/17 13:47:42 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\vjtcwkow.dat
[2001/08/17 13:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 13:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 13:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 14:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 14:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe

========== LOP Check ==========

[2011/03/24 14:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2011/03/23 12:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GroundSchool FAA
[2010/11/23 22:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\moovida-1
[2010/12/17 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PriceGong
[2010/10/23 01:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ScanSoft
[2010/10/17 06:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeamViewer
[2010/12/22 23:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TomTom
[2011/03/16 18:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Transcend
[2011/03/28 21:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2010/10/24 17:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Uniblue
[2011/03/25 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uTorrent
[2010/10/20 07:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Western Digital
[2010/10/23 01:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zeon
[2011/03/23 23:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/10/24 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/10/18 01:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/10/24 17:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inf
[2010/10/24 16:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/10/23 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/03/11 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOFTENTREPRISE
[2010/12/22 23:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/03/28 21:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/10/19 08:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/23 00:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2010/10/27 03:55:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2010/10/27 04:04:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{47B5977E-772D-4BBA-AAA4-4C8FF0532136}
[2010/10/27 03:55:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF1E655E-0210-4F9E-BE22-94A9069BF84B}
[2010/10/22 21:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F40E9D30-5DFC-4B21-BFDB-A5CDEE6440A6}

========== Purity Check ==========



< End of report >
strat333
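The OTL.txt above is read by eye for a few recurring cues: an O2 BHO whose DLL sits in system32 and carries no company name (the wllqaatc.dll entry, compared with the Skype and Nuance BHOs that name their vendor), eight-letter random-looking basenames with no version information (csfchjac.dll, wllqaatc.dll, jipijpbr.dat and the other .dat files next to it), and several such files sharing one identical creation second years before the OS was installed, which is what timestamp stomping looks like in a file listing. The script below is an added example, not part of strat333's post or of OTL; it encodes those cues as heuristics over sample lines copied from this log. The regexes for the OTL line formats, the rule names and the thresholds (eight lowercase letters with no digits, at least three files per timestamp) are the editor's assumptions, and a hit is a lead to verify rather than a verdict: legitimate Windows binaries such as ntoskrnl.exe also have eight-letter names, which is why the rule additionally requires the empty company field that OTL prints when a file has no version resource.

```python
"""Heuristic triage of OTL (OldTimer's OTL.txt) diagnostic lines.

Added example, not code from the forum post or from OTL. The rules and
thresholds are the editor's assumptions; a hit is a lead to verify, not a verdict.
"""
import re
from collections import defaultdict

# O2 BHO line: "O2 - BHO: (name) - {CLSID} - path (company)"
O2_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O4 Run line: "O4 - HKLM..\Run: [value] path (company)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# File/folder line: "[ts | size | attrs | C/M] (company) -- path"; LOP-check lines omit "(company)"
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
SYSTEM32_RE = re.compile(r"^C:\\WINDOWS\\system32\\", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")   # assumption: 8 lowercase letters, no digits
STOMP_MIN_FILES = 3                          # assumption: >= 3 files created on one exact second

# Constructed sample: lines copied from the OTL.txt above, plus clean entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {D57A861A-B272-E2CD-4316-D78CCC33D9C9} - C:\WINDOWS\system32\wllqaatc.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
[2011/03/28 00:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\csfchjac.dll
[2011/03/25 13:11:43 | 000,739,328 | ---- | C] () -- C:\WINDOWS\System32\wllqaatc.dll
[2001/08/17 13:47:42 | 000,150,784 | ---- | C] () -- C:\WINDOWS\System32\jipijpbr.dat
[2001/08/17 13:47:42 | 000,135,936 | ---- | C] () -- C:\WINDOWS\System32\qjtaokeu.dat
[2001/08/17 13:47:42 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\dwdmyvvt.dat
[2001/08/17 13:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/10/17 15:11:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/10/27 03:55:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
"""


def _stem(path):
    """Basename without extension: C:\\x\\wllqaatc.dll -> wllqaatc."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text):
    """Return (rule, path) findings for the cues described above."""
    findings = []
    by_created = defaultdict(list)       # creation timestamp -> random-named System32 files
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line) or O4_RE.match(line)
        if m:
            # Autostart component whose binary has no version info and lives in System32.
            if not m.group("company").strip() and SYSTEM32_RE.match(m.group("path")):
                findings.append(("autostart-no-company", m.group("path")))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path, company = m.group("path"), (m.group("company") or "").strip()
        if company or not SYSTEM32_RE.match(path) or not RANDOM_STEM_RE.match(_stem(path)):
            continue
        findings.append(("random-name-system32", path))
        if m.group("kind") == "C":       # 'C' = created timestamp, 'M' = modified
            by_created[m.group("ts")].append(path)
    for ts, paths in by_created.items():
        if len(paths) >= STOMP_MIN_FILES:   # identical creation second across several files
            findings.extend(("shared-timestamp " + ts, p) for p in paths)
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:36} {path}")
```

Run against a full OTL.txt the same way (`triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`); the three rules fire on the wllqaatc.dll BHO, the five random-named System32 files, and the three .dat files that share 2001/08/17 13:47:42, and stay silent on the ESET, Skype, ATI and perf*.dat entries.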

Re: malware Lkckclckl1i1i.com

Post by strat333 » 16 Apr 2011, 21:03

Sorry, I did not post the reports in the right order... but the steps were carried out in the order requested.

Here is the OTL disinfection report


All processes killed
========== OTL ==========
Error: Unable to stop service wqnkjdgs!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wqnkjdgs deleted successfully.
File move failed. C:\WINDOWS\system32\wllqaatc.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D57A861A-B272-E2CD-4316-D78CCC33D9C9}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D57A861A-B272-E2CD-4316-D78CCC33D9C9}\ .
File move failed. C:\WINDOWS\system32\wllqaatc.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-2111342016-995690780-1244716356-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\002184_.tmp deleted successfully.
C:\WINDOWS\002185_.tmp deleted successfully.
C:\WINDOWS\004960_.tmp deleted successfully.
C:\WINDOWS\147BCE03C0F14C9F81576A89B6D2D973.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\147BCE03C0F14C9F81576A89B6D2D973.TMP folder deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
File move failed. C:\WINDOWS\system32\wllqaatc.dll scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Admin\Desktop\EXE\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\Admin\Desktop\EXE\OTL\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 3451781 bytes
->Temporary Internet Files folder emptied: 10377531 bytes
->Java cache emptied: 142047 bytes
->FireFox cache emptied: 62078647 bytes
->Flash cache emptied: 1073 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33193 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 800455 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 107804503 bytes
->Flash cache emptied: 1554 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33193 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39650 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91085510 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 9651099 bytes
RecycleBin emptied: 237327059 bytes

Total Files Cleaned = 499,00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04162011_143423

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\wllqaatc.dll scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\L9ZQBMQL\O_j1oleNy4ZU86-W2NiZUucgTNFgplm4,3RvVC7Y9WVKPncm_RYDkVXAjYsPDrOyhF34pTj0uaHf2O4Llr3eGY97S7o50OmIyPFLeYS2oL-CVPzT3E2iL5TyJZqfWd-2ph4XPQL7WyO5XqBjq7A&callback=google.LU[1].featureMap not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF8B12.tmp not found!
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.Word\~WRF{3526868F-76F4-4BCB-A9A9-B35E8766D022}.tmp moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.Word\~WRS{17B837E7-37A3-4157-9DBF-FA850781140D}.tmp moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.Word\~WRS{31ADD709-5B16-41E6-8AE6-37A0269B874D}.tmp moved successfully.
File\Folder C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.Word\~WRS{32F62943-AE52-48E8-98CE-3CFD450EA7AD}.tmp not found!
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.Word\~WRS{B7536705-3931-43B7-B1FD-314AC68B811B}.tmp moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.Word\~WRS{C0C0F437-ABD7-420C-BFE2-EEDD67FEE537}.tmp moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\I0FLQ4LK\blank[1].html moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\I0FLQ4LK\blank[2].html moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\I0FLQ4LK\blank[3].html moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\I0FLQ4LK\openmail.app[1].invoke moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\I0FLQ4LK\openmail.app[2].invoke moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\HB8ATQKV\launch[1].txt moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\E0K4243N\fc[1].txt moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\5U3SXOMV\mailoptions[1].txt moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D57A861A-B272-E2CD-4316-D78CCC33D9C9}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D57A861A-B272-E2CD-4316-D78CCC33D9C9}\ .
strat333
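The fix log above has three kinds of outcome, and only one of them is finished. Items reported "deleted successfully" or "moved successfully" are gone. Items "scheduled to be moved/deleted on reboot" could not be touched while in use (wllqaatc.dll is the BHO from the O2 line, so it is mapped into any browser or Explorer process that loaded it; OTL also reported that it could not stop the wqnkjdgs service) and were queued for the next boot, which on Windows is typically done through the PendingFileRenameOperations value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, processed by the session manager before user-mode code can reload the file. Items OTL was "Unable to delete" were not handled at all and need a follow-up fix. That is why the helper normally asks for a restart and a fresh scan before calling the machine clean. The script below is an added example, not part of strat333's post or of OTL: it buckets the fix-log lines into done / deferred / failed, turns the last two buckets into a post-reboot checklist, and, on the cleaned Windows machine only, checks whether each item is still present. The sample lines are copied from the log above; the regex set, bucket names and the Windows check are the editor's own.

```python
"""Bucket the outcomes in an OTL fix log and build the post-reboot checklist.

Added example, not code from the forum post or from OTL. The sample lines are
copied from the fix log above; the pattern set and bucket names are the editor's.
"""
import re
import sys

# Constructed sample: lines copied from the OTL fix log above.
SAMPLE_FIX_LOG = r"""
All processes killed
Error: Unable to stop service wqnkjdgs!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wqnkjdgs deleted successfully.
File move failed. C:\WINDOWS\system32\wllqaatc.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D57A861A-B272-E2CD-4316-D78CCC33D9C9}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D57A861A-B272-E2CD-4316-D78CCC33D9C9}\ .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\WINDOWS\147BCE03C0F14C9F81576A89B6D2D973.TMP folder deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
File move failed. C:\WINDOWS\system32\wllqaatc.dll scheduled to be moved on reboot.
"""

# (outcome, item kind, pattern). OTL ends registry keys with a trailing backslash, stripped here.
PATTERNS = [
    ("deferred", "file",    re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("deferred", "regkey",  re.compile(r"^Registry delete failed\. (?P<target>.+?)\\? scheduled to be deleted on reboot\.$")),
    ("failed",   "regkey",  re.compile(r"^Unable to delete registry key (?P<target>.+?)\\? ?\.$")),
    ("failed",   "service", re.compile(r"^Error: Unable to stop service (?P<target>\S+)!$")),
    ("done",     "regkey",  re.compile(r"^Registry key (?P<target>.+?)\\? deleted successfully\.$")),
    ("done",     "file",    re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? (?:deleted|moved) successfully\.$")),
]


def classify(log_text):
    """Return {"done": [...], "deferred": [...], "failed": [...]} of (kind, target)."""
    buckets = {"done": [], "deferred": [], "failed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        for outcome, kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                item = (kind, m.group("target"))
                if item not in buckets[outcome]:   # OTL repeats deferred lines; keep one
                    buckets[outcome].append(item)
                break
    return buckets


def post_reboot_checklist(buckets):
    """Deferred and failed items: each must be confirmed absent after the restart."""
    return buckets["deferred"] + buckets["failed"]


def still_present(items):
    """Windows-only: return the checklist items that survived the reboot."""
    if sys.platform != "win32":
        raise RuntimeError("needs the Windows registry; run this on the cleaned machine")
    import os
    import winreg
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_USERS": winreg.HKEY_USERS,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}

    def key_exists(root, sub):
        try:
            winreg.CloseKey(winreg.OpenKey(hives[root], sub))
            return True
        except OSError:
            return False

    survivors = []
    for kind, target in items:
        if kind == "file":
            present = os.path.exists(target)
        elif kind == "regkey":
            root, _, sub = target.partition("\\")
            present = key_exists(root, sub)
        else:  # service: without its Services key it cannot start again after the reboot
            present = key_exists("HKEY_LOCAL_MACHINE", "SYSTEM\\CurrentControlSet\\Services\\" + target)
        if present:
            survivors.append((kind, target))
    return survivors


if __name__ == "__main__":
    buckets = classify(SAMPLE_FIX_LOG)
    for kind, target in post_reboot_checklist(buckets):
        print(f"re-check after reboot: {kind:8} {target}")
```

For the log above the checklist has four entries: the deferred wllqaatc.dll move, the deferred Browser Helper Objects\{D57A861A-...} key, the CLSID\{D57A861A-...} key OTL could not delete, and the wqnkjdgs service it could not stop. Anything `still_present` returns after the restart goes into the next fix script rather than being assumed gone.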
