Hello


Hello

Post by Tichaton » 15 Feb 2009, 13:50

Here is the first report...

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0476cb87-79a8-11dd-9a4f-0011d8e8b558}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94c21b1-d37f-11dd-9abf-000e8e080121}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e58ae2f9-feec-11dc-99b2-0060b30ee877}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
========== FILES ==========
C:\autorun.inf moved successfully.
C:\ur0.com moved successfully.
File/Folder C:\tmf3w3g0.com not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nmdfgds1.dll
C:\WINDOWS\System32\nmdfgds1.dll NOT unregistered.
C:\WINDOWS\System32\nmdfgds1.dll moved successfully.
C:\opgde.exe moved successfully.
C:\1utbfd.bat moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nmdfgds0.dll
C:\WINDOWS\System32\nmdfgds0.dll NOT unregistered.
C:\WINDOWS\System32\nmdfgds0.dll moved successfully.
C:\autorun.MSNFix moved successfully.
File/Folder C:\m0vnonh.bat not found.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\DOCUME~1\DDD570~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DDD570~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DDD570~1\LOCALS~1\Temp\~DF1D00.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_215049

Files moved on Reboot...
C:\DOCUME~1\DDD570~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\DDD570~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\DDD570~1\LOCALS~1\Temp\~DF1D00.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
Tichaton

Posts: 18
Joined: 08 Feb 2009, 11:40

Continued...

Post by Tichaton » 15 Feb 2009, 13:52

OTListIt logfile created on: 14/02/2009 21:58:11 - Run 3
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Dédé\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,30 Mb Total Physical Memory | 595,04 Mb Available Physical Memory | 58,15% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 4,98 Gb Free Space | 3,27% Space Free | Partition Type: NTFS
Drive D: | 4,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CELISSE-EB9D4AC
Current User Name: Dédé
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2006/03/23 16:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2007/09/11 09:40:32 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/08/28 13:16:22 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Wireless 802.11g Monitor\WLService.exe
[2004/09/02 17:09:56 | 00,794,624 | ---- | M] () -- C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
[2008/05/16 17:12:44 | 00,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
[2008/04/14 03:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 03:34:29 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2004/06/18 09:31:02 | 00,067,584 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/03/08 05:42:09 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[2006/03/23 16:06:50 | 01,398,272 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2004/08/22 16:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
[2005/10/23 00:00:00 | 00,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
[2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2008/05/16 17:12:08 | 00,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
[2007/08/31 12:25:18 | 00,249,896 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2005/08/09 19:14:54 | 00,155,648 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2006/06/21 01:20:50 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/10/21 07:50:52 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\AlertModule\AlertModule.exe
[2008/12/02 21:50:04 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
[2005/06/08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/02 21:50:05 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
[2006/06/21 01:20:20 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2005/05/11 23:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/02/07 09:55:12 | 01,180,896 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
[2005/08/10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
[2005/07/07 22:45:10 | 00,860,160 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2009/02/08 21:55:48 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2007/08/28 13:16:22 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2007/09/11 09:40:32 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006/03/23 16:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Wireless 802.11g Monitor\WLService.exe -- (R54G Wireless Service [Auto | Running])
[2008/05/16 17:12:44 | 00,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [Auto | Running])

========== Driver Services (SafeList) ==========

[2004/04/30 08:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2004/04/30 08:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [Boot | Running])
[2004/02/24 04:08:52 | 00,400,384 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/06/21 09:53:20 | 00,626,204 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2003/11/28 18:34:40 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K [On_Demand | Running])
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2004/08/04 01:38:44 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:10 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2007/09/17 11:25:03 | 00,048,448 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2007/09/07 12:05:19 | 00,062,016 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2005/05/09 19:08:40 | 00,033,792 | ---- | M] (Team H2O) -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX [On_Demand | Running])
[2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2001/12/12 20:31:24 | 00,004,608 | ---- | M] (Elaborate Bytes) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2002/01/02 14:09:14 | 00,013,268 | ---- | M] (Elaborate Bytes) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/03/08 05:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/03/08 05:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/03/08 05:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/03/23 16:15:58 | 00,102,016 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2006/03/23 16:15:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2006/03/23 16:15:56 | 00,033,536 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/12/03 19:31:46 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/07/28 08:15:36 | 00,033,024 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/07/28 08:15:38 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2003/08/04 15:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2005/06/09 13:15:56 | 00,017,359 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5 [On_Demand | Stopped])
[2004/07/22 15:28:40 | 00,057,088 | R--- | M] (TerraTec Electronic GmbH) -- C:\WINDOWS\system32\drivers\Protec.sys -- (Protec [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/05/07 13:47:10 | 00,079,616 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2571.sys -- (rt2571 [On_Demand | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/08/10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2005/11/03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2001/08/17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2005/07/13 11:08:20 | 00,033,890 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2007/03/01 10:34:36 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/08/01 14:46:40 | 00,060,928 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550bus.sys -- (w550bus [On_Demand | Stopped])
[2005/08/01 14:46:42 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550mdfl.sys -- (w550mdfl [On_Demand | Stopped])
[2005/08/01 14:46:44 | 00,096,672 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550mdm.sys -- (w550mdm [On_Demand | Stopped])
[2005/08/01 14:46:28 | 00,088,080 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550mgmt.sys -- (w550mgmt [On_Demand | Stopped])
[2005/08/01 14:46:46 | 00,085,952 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550obex.sys -- (w550obex [On_Demand | Stopped])
[2004/08/05 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/12/13 07:34:06 | 00,031,400 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Metaboli Player\X4HSX32.sys -- (X4HSX32 [Auto | Running])
[2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = @ieframe.dll,-12512
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = @ieframe.dll,-12512
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-746137067-1972579041-839522115-1004\S-1-5-21-746137067-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {B5146C40-189A-4311-BDA9-FBAE3E023187} - C:\Program Files\Multi_Media\tbMult.dll File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {B5146C40-189A-4311-BDA9-FBAE3E023187} - C:\Program Files\Multi_Media\tbMult.dll File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL (Elaborate Bytes)
O4 - HKLM..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe File not found
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen ()
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Anywhere Backup Launcher.lnk = C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O4 - Startup: C:\Documents and Settings\Dédé\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk = C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... 03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/10/05 10:35:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[AutoRun] | ;JsdkJaOdrjkAaaSIs2Z32i3iqr | open=ur0.com | ;2a01 | shell\open\Command=ur0.com | ]
[2009/02/14 21:58:24 | 00,000,089 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Dédé\Bureau\*.tmp files]
[2009/02/14 21:56:36 | 00,095,744 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009/02/14 21:56:17 | 00,107,898 | RHS- | C] () -- C:\ur0.com
[2009/02/14 21:56:17 | 00,000,089 | RHS- | C] () -- C:\autorun.inf
[2009/02/14 21:55:43 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/02/14 21:50:49 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/14 21:22:56 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTMoveIt3.exe
[2009/02/14 10:52:41 | 00,107,898 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009/02/13 17:33:47 | 01,161,576 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Bureau\wlsetup-custom(2).exe
[2009/02/13 17:25:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Local Settings\Application Data\Yahoo
[2009/02/12 03:04:36 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/08 22:09:18 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/02/08 22:04:48 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/02/08 22:04:48 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/02/08 22:03:56 | 00,576,970 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Dédé\Bureau\Navilog1.exe
[2009/02/08 21:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Application Data\Malwarebytes
[2009/02/08 21:58:39 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/08 21:58:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/08 21:58:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/08 21:58:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/08 21:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/08 21:57:24 | 02,737,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dédé\Bureau\mbam-setup.exe
[2009/02/08 21:56:37 | 00,343,017 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\ToolbarSD.exe
[2009/02/08 21:55:47 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTListIt2.exe
[2009/02/08 21:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\HJT
[2009/02/08 21:24:11 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/02/08 20:59:52 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Mama eh.doc
[2009/02/08 20:56:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Enregistrement 2 février
[2009/02/08 20:34:37 | 00,080,689 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\mamaeh_acc_lak.pdf
[2009/02/08 11:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\backups
[2009/02/07 00:50:34 | 00,000,854 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/07 00:29:00 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Spybot - Search & Destroy.lnk
[2009/02/07 00:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/07 00:28:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/07 00:27:55 | 00,040,768 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/02/07 00:27:55 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/02/07 00:27:55 | 00,021,312 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/02/07 00:27:52 | 00,062,016 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/02/07 00:27:52 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/07 00:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/02/07 00:10:31 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MSNFix.lnk
[2009/02/07 00:10:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSNFix
[2009/02/07 00:10:11 | 01,118,726 | ---- | C] (Changelog.fr ) -- C:\Documents and Settings\Dédé\Bureau\MSNFix.exe
[2009/02/06 18:52:40 | 00,049,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sirenacm.dll
[2009/02/06 17:02:26 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Pub pour le stage.doc
[2009/02/06 15:50:58 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\promo stage.doc
[2009/02/02 22:07:28 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\liste de materiel lys.doc
[2009/02/01 20:55:45 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Dédé\Bureau\~$xte théâtre musical.doc
[2009/02/01 14:41:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Mémoire pro
[2009/01/31 10:46:03 | 00,005,505 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\reve.jpg
[2009/01/26 23:21:45 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\texte théâtre musical.doc
[2009/01/26 21:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Enregistrement 3
[2009/01/25 21:57:35 | 73,287,8848 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Asterix Le Gaulois.avi
[2009/01/25 21:56:07 | 67,209,4208 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Les 12 travaux d'Astérix.avi
[2009/01/25 21:54:42 | 73,350,9632 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Astérix et Cléopatre.avi
[2009/01/25 21:53:31 | 73,403,5968 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Asterix Chez Les Bretons.avi
[2009/01/25 21:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Enregistrement 2
[2009/01/25 21:19:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\enregistrement 1
[2009/01/25 18:22:47 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\PLAN BIS.doc
[2009/01/24 21:54:08 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Cahier_des_charges_projet.doc
[2009/01/24 21:52:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\ICTUS 2009
[2009/01/22 20:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Dossier dernière année CFMI
[2009/01/18 18:45:01 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\présentation perso.doc

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Dédé\Bureau\*.tmp files]
[2009/02/14 21:59:39 | 00,000,089 | RHS- | M] () -- C:\autorun.inf
[2009/02/14 21:57:10 | 00,067,064 | ---- | M] () -- C:\Documents and Settings\Dédé\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/14 21:56:36 | 00,095,744 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009/02/14 21:56:33 | 00,107,898 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe
[2009/02/14 21:56:33 | 00,107,898 | RHS- | M] () -- C:\ur0.com
[2009/02/14 21:55:45 | 00,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Anywhere Backup Launcher.lnk
[2009/02/14 21:55:44 | 00,095,744 | ---- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/02/14 21:55:03 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/14 21:54:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/14 21:54:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/14 21:22:58 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTMoveIt3.exe
[2009/02/13 17:33:48 | 01,161,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Bureau\wlsetup-custom(2).exe
[2009/02/12 03:04:36 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/12 03:01:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/08 22:04:48 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/02/08 22:03:57 | 00,576,970 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Dédé\Bureau\Navilog1.exe
[2009/02/08 21:58:39 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/08 21:57:48 | 02,737,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dédé\Bureau\mbam-setup.exe
[2009/02/08 21:56:39 | 00,343,017 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\ToolbarSD.exe
[2009/02/08 21:55:48 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTListIt2.exe
[2009/02/08 21:40:02 | 00,427,520 | -HS- | M] () -- C:\Documents and Settings\Dédé\Bureau\Thumbs.db
[2009/02/08 21:40:01 | 00,192,000 | ---- | M] () -- C:\Documents and Settings\Dédé\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/08 20:59:52 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Mama eh.doc
[2009/02/08 20:34:37 | 00,080,689 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\mamaeh_acc_lak.pdf
[2009/02/07 01:41:32 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/07 00:50:36 | 00,000,854 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/07 00:29:00 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Spybot - Search & Destroy.lnk
[2009/02/07 00:10:31 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MSNFix.lnk
[2009/02/07 00:10:12 | 01,118,726 | ---- | M] (Changelog.fr ) -- C:\Documents and Settings\Dédé\Bureau\MSNFix.exe
[2009/02/06 18:52:40 | 00,049,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sirenacm.dll
[2009/02/06 17:20:27 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Pub pour le stage.doc
[2009/02/04 22:27:26 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\promo stage.doc
[2009/02/04 00:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/02 22:09:40 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\liste de materiel lys.doc
[2009/02/01 20:57:16 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\texte théâtre musical.doc
[2009/02/01 20:55:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Dédé\Bureau\~$xte théâtre musical.doc
[2009/02/01 13:56:32 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Stage Lys - Programme.doc
[2009/01/31 10:46:04 | 00,005,505 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\reve.jpg
[2009/01/25 18:22:47 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\PLAN BIS.doc
[2009/01/25 15:35:14 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/22 18:28:33 | 00,113,060 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2009/01/22 18:28:05 | 00,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/18 18:45:01 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\présentation perso.doc
[2009/01/18 14:44:05 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/16 21:15:42 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/16 21:15:42 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
<End>
Tichaton
 
Posts: 18
Joined: 08 Feb 2009, 11:40

About my computer...

Post by Tichaton » 15 Feb 2009, 14:07

I don't know whether the PC is running any better, because I still can't launch Windows Live without it shutting down 1 minute after signing in...

There are still moments when the computer slows to a crawl: the bar at the bottom is drawn 3 times like a shadow, but it doesn't crash; it's like a glitch lasting a few seconds...

Some files have indeed been deleted, such as films I had put on the desktop, but other than that, I don't know...

However, I do think the PC was infected by a USB stick... But the day I used it, I plugged it into my friend's computer, which now shows the same symptoms as a result...
So I have several questions for you...

For his computer:
- Does it need to be disinfected before backing up files? Or can I burn CDs without risk and reinstall Windows afterwards? Will his computer be clean?
- Could you take a look at his computer, and if so, how?

For my computer:
- I recently bought an external hard drive and backed up the contents of my PC to it... So I was wondering whether there are viruses in that backup and, if so, how I could clean it...
- I was also wondering which antivirus is really effective so as to have no more trouble, because my brother advised me to install Antivir and Spybot rather than Avast...

I really am taking up a lot of your time... I hope you won't feel overwhelmed by all these questions!
See you soon,
Tichaton
Tichaton
 
Posts: 18
Joined: 08 Feb 2009, 11:40

Post by nickW » 17 Feb 2009, 01:50

Good evening,

To clean the other PC, you will need to open a new topic.


Let's continue .....

I recommend that you print the procedure, save the page as an HTML file (this is the best solution), or select all of its lines and copy that selection into a text file on your PC (Note: you will not have Internet access while it runs).
If anything seems unclear to you, ask for an explanation before starting the disinfection.


Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in safe mode).


Step 1: Flash_Disinfector (by sUBs)
Download the tool from one of the two links below:
http://www.techsupportforum.com/sectool ... fector.exe
http://download.bleepingcomputer.com/sU ... fector.exe
Right-click one of the links above, then save the file to the Desktop.

Close absolutely all applications, as well as browsers (don't forget to save any documents being edited).

Double-click Flash_Disinfector.exe to run the tool.

The screen titled "Start - Flash_Disinfector" asks you to plug in your USB stick(s) if you have any: you must do so. Then click OK.
The Desktop display will disappear: this is normal.

When the tool has finished its work, on the screen showing "Done !!", click OK.

Note:
If there are many USB sticks to disinfect, repeat the operation, plugging in the untreated sticks one at a time.


Step 2: OTMoveIt3 (by OldTimer)
Open a Notepad window via Start---->Run, type notepad, then click OK.
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously.

Code:
rien
:Processes
explorer.exe

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
[HKEY_USERS\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-

:Files
C:\WINDOWS\System32\nmdfgds1.dll
C:\ur0.com
C:\autorun.inf
C:\WINDOWS\System32\nmdfgds0.dll
C:\WINDOWS\System32\olhrwef.exe

:Commands
[start explorer]
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste.
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name OTMI-2.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: Tichaton.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"


Step 4: OTMoveIt3 (by OldTimer)
Double-click OTMoveIt3.exe to launch the tool.
Open the file OTMI-2.txt in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved" and choose Paste.

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A restart is sometimes necessary. If prompted, click Oui/Yes


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: OTListIt2 (by OldTimer)
Close all open program windows.

Double-click OTListIt2.exe to launch the tool.

The main OTListIt2 screen is displayed.

Tick the box (at the top) in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTListIt2 window.


Step 7: Results
Send in reply:
*- the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive stands for the partition from which OTMoveIt3 was launched, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTListIt2 report (contents of the file OTListIt.txt located on the Desktop).
The report posted to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
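
Added example (not part of the thread, and not code from OTListIt2 or OTMoveIt3): a Python triage of two kinds of lines from the OTListIt2 report posted above, decoding the NoDriveTypeAutoRun mask and listing what a root autorun.inf would launch. The function names are hypothetical, the O7 value is assumed to be printed in decimal, and one sample line is constructed.

```python
import re

# Bit n of NoDriveTypeAutoRun disables AutoRun for the drive type whose
# GetDriveType() value is n (0x04 = removable media such as USB sticks).
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

# Assumption: the report prints the policy value in decimal (145 == 0x91).
POLICY_RE = re.compile(r"^O7 - (?P<key>.+): NoDriveTypeAutoRun = (?P<val>\d+)\s*$")
# autorun.inf keys that cause a program to be started.
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\.+\\command)$", re.I)

REPORT_LINES = [
    # Copied from the report in this thread.
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    # Constructed line: the same policy with every drive type disabled (0xFF).
    r"O7 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255",
    # Copied from the "Autorun Files on Drives" section of the report.
    r"autorun.inf [[AutoRun] | ;JsdkJaOdrjkAaaSIs2Z32i3iqr | open=ur0.com | ;2a01 | shell\open\Command=ur0.com | ]",
    r"AUTOEXEC.BAT []",
]


def autorun_enabled_types(value):
    """Drive types for which AutoRun is still enabled under this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def autorun_launch_targets(report_line):
    """Map launch keys to targets for an 'autorun.inf [...]' report line."""
    name, _, body = report_line.partition(" [")
    if name.strip().lower() != "autorun.inf":
        return {}
    body = body.rstrip()
    if body.endswith("]"):          # closing bracket added by the report
        body = body[:-1]
    targets = {}
    for field in body.split("|"):   # the report joins the file's lines with '|'
        field = field.strip()
        if not field or field.startswith((";", "[")):
            continue                # blank, comment/padding line, or section header
        key, sep, value = field.partition("=")
        if sep and LAUNCH_KEY_RE.match(key.strip()):
            targets[key.strip().lower()] = value.strip()
    return targets


def triage(lines):
    """Collect policies that leave removable drives enabled, and launch targets."""
    result = {"weak_policies": [], "launch_targets": {}}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            value = int(m.group("val"))
            if "removable" in autorun_enabled_types(value):
                result["weak_policies"].append((m.group("key"), value))
            continue
        result["launch_targets"].update(autorun_launch_targets(line))
    return result


if __name__ == "__main__":
    print(triage(REPORT_LINES))
```
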
