[OK] Win32 infection

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware
Anti-malware disinfection

Disinfection procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard disinfection procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protect the browser, browsing and privacy

[OK] Win32 infection

Post by nicop » 07 Jan 2010, 09:34

Hello,
I've taken charge of a friend's PC, infected according to her by Win32 (apparently detected by Avast). I'm not sure of anything, because the PC is completely blocked and she doesn't know much about it.
What I know of her configuration:

- XP Home
- Avast

Symptoms:

Startup proceeds as far as the session selection (4 sessions; she can't tell me which one has administrator rights).
Three of the sessions don't open at all (they stay stuck on "loading your personal settings").
One session opens onto the desktop background, but no desktop object or toolbar is displayed (Ctrl-Alt-Del doesn't work; I have to shut down by holding the power button).

So I tried safe mode........ without success!
It displays "Windows did not start correctly....." and offers me safe mode again.
I tried several times in a row, without success.
"Last known good configuration" doesn't work either.

What to do??
Thanks

Edit: the "command prompt" boot mode doesn't work either.
nicop
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nicop » 09 Jan 2010, 17:47

A little bump

(Sorry for my impatience, but the person who gave me the PC uses it for work.)
nicop
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nickW » 10 Jan 2010, 01:13

Good evening,

Do you have the CD that was used to install this Windows?

Regards,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nicop » 10 Jan 2010, 19:37

Good evening nickW,

When she bought the computer new (it's a Packard Bell), Windows was already installed, and the label with the licence number is stuck on the chassis. But apparently the seller didn't give her the XP CD.
However, they made her a recovery CD (is that equivalent??).
I'm supposed to pick it up tomorrow afternoon.
Tell me what I should do with it.
Thanks
nicop
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nicop » 11 Jan 2010, 20:21

Good evening,
I've got the CD (a burned CD labelled "restauration PC Packard Bell"), as well as a BIOS update CD. I hope that will do for the repair...??
Awaiting your instructions.
Thanks.
nicop
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nickW » 13 Jan 2010, 00:52

Good evening,

Ah, that's not a real Windows installation CD, but a recovery CD for a branded laptop.

Can you do this:

Since the PC no longer boots, you are going to create and then use a boot CD that will allow the PC to be scanned.

I advise you to print the procedure, since you will be booting from a special CD.
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting the disinfection.

OTLPE (by OldTimer), scan
Download OTLPE.iso from this link: http://oldtimer.geekstogo.com/OTLPE.iso (file size: about 272 MB)
Burn a CD from this ISO image. Caution: whatever software you use, you must not create a data CD, but "burn" an ISO image.
Change the PC's BIOS so that it boots from the CD before the hard disk. See: here (in English) or here (in French)

Restart the PC, which should boot from the CD-ROM and display a REATOGO-X-PE desktop
Double-click the OTLPE icon
When asked "Do you wish to load the remote registry", answer Yes
When asked "Do you wish to load remote user profile(s) for scanning", answer Yes
Check that the "Automatically Load All Remaining Users" box is ticked, then click OK

The main OTLPE screen is displayed:
[image]

Check that the settings are identical to those in the image above.

Then click the Run Scan button:
[image]

The report file is saved as C:\OTL.txt

Transfer it to a USB stick so that you can post it on the forum.
The report posted on the forum must end with a line containing <End>. If it doesn't, it is incomplete and must then be split across several messages.

To be continued,
nickW
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nicop » 13 Jan 2010, 09:19

Hello,

It wasn't easy, because the PC doesn't recognise any mouse and I did everything with keyboard shortcuts; when you don't know them, it's a pain... Otherwise, everything went fine.
You didn't mention the "Extra" report, but since it was produced, just in case, I'm including it too.
Thanks

Edit: while waiting for your reply, I've left the PC running on Reatogo.

OTL report:
__________________________________________________________________________________________________________

OTL logfile created on: 1/13/2010 7:29:53 AM - Run
OTLPE by OldTimer - Version 3.1.23.0 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 774.00 Mb Available Physical Memory | 76.00% Memory free
922.00 Mb Paging File | 850.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.81 Gb Total Space | 40.48 Gb Free Space | 51.37% Space Free | Partition Type: NTFS
Drive D: | 107.49 Gb Total Space | 106.98 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 272.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - [2009/12/22 05:49:09 | 00,278,016 | ---- | M] () [Auto] -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/12 10:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/10 22:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 13:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 15:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/27 03:12:33 | 00,070,896 | ---- | M] (Winsudate) [Auto] -- C:\Program Files\Winsudate\gibsvc.exe -- (WinSvc)
SRV - [2009/05/19 04:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 13:03:55 | 00,183,280 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 04:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/13 08:58:56 | 00,106,546 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/06/13 08:58:54 | 00,450,560 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/06/13 08:58:28 | 00,446,464 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/06/13 08:58:24 | 00,041,043 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/01/05 07:41:10 | 00,774,144 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/12/23 11:54:04 | 00,262,144 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/09/28 20:18:00 | 00,266,343 | ---- | M] () [Auto] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/06/01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - File not found [Kernel | On_Demand] -- -- (RTL8187B)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/14 11:40:30 | 00,011,376 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009/09/15 05:56:14 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 05:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 05:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/05 15:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 08:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/26 08:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/06/06 12:08:49 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/04/13 13:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:40:30 | 00,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2007/10/09 22:13:00 | 00,038,144 | ---- | M] (Realtek) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2007/06/13 08:58:28 | 00,051,104 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2007/06/13 08:58:26 | 00,052,736 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2007/06/13 08:58:26 | 00,033,024 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/06/13 08:58:26 | 00,018,432 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2006/06/01 11:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/05/18 11:50:30 | 02,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/03 05:25:56 | 00,710,144 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2004/08/05 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/05 07:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/05 07:00:00 | 00,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\hugo_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\hugo_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\hugo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\hugo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Invité_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\Invité_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\Invité_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 9D CD 47 9B 63 CA 01 [binary data]
IE - HKU\Invité_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\lucas_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.jeuxvideo-flash.com/ [binary data]
IE - HKU\lucas_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\lucas_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\lucas_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 82 A0 1F D5 7B CA 01 [binary data]
IE - HKU\lucas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Nils_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\Nils_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\Nils_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\Nils_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 2E FF 28 E5 F8 C9 01 [binary data]
IE - HKU\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Propriétaire_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
IE - HKU\Propriétaire_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (361587 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12430 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\hugo_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\hugo_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Invité_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Invité_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lucas_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\lucas_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Nils_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Nils_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Propriétaire_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Propriétaire_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\hugo_ON_C..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKU\hugo_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Invité_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\Invité_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\lucas_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Nils_ON_C..\Run: [4VDD85L8NF] C:\WINDOWS\msa.exe ()
O4 - HKU\Nils_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Nils_ON_C..\Run: [dngoeof] c:\documents and settings\nils\local settings\application data\dngoeof.exe ()
O4 - HKU\Nils_ON_C..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe File not found
O4 - HKU\Nils_ON_C..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKU\Nils_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Nils_ON_C..\Run: [Zeldar] C:\DOCUME~1\Nils\LOCALS~1\Temp\c.exe File not found
O4 - HKU\Propriétaire_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Propriétaire_ON_C..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKU\Propriétaire_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Propriétaire_ON_C..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe (Winsudate)
O4 - HKU\hugo_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - HKU\lucas_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - HKU\Nils_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - HKU\Propriétaire_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\hugo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Invité_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\lucas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nils_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Propriétaire_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\hugo_ON_C\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Invité_ON_C\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\lucas_ON_C\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Propriétaire_ON_C\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6024542140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 06:16:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/14 10:48:46 | 00,000,086 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{be42352c-f669-11dc-8f6f-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/03 17:55:02 | 00,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{f394fa94-3e16-11dd-992a-0013d34eaba8}\Shell\Auto\command - "" = AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/23 04:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hugo\Local Settings\Application Data\Identities
[2009/12/20 03:54:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hugo\Bureau\Logiciels
[2009/12/20 02:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Photo album
[2009/12/14 13:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/12/14 13:47:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favoris
[2009/12/14 13:47:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/13 01:49:43 | 00,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/01/13 01:49:43 | 00,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/01/13 01:49:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 01:49:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/13 01:49:34 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/13 01:33:16 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/12 12:21:16 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/08 04:45:07 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3E7A75A-04A5-49BA-97DD-FCAF93575C3D}.job
[2010/01/03 05:06:48 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\hugo\NTUSER.DAT
[2010/01/03 05:05:10 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 05:04:16 | 00,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/02 09:22:01 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9325EF0E-1630-4750-BDDE-250A59A62D63}.job
[2010/01/02 09:22:01 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6727F52E-01DA-41BA-BAA6-3A3BB6ADC299}.job
[2009/12/24 12:42:59 | 00,000,627 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/24 04:21:04 | 00,026,064 | ---- | M] () -- C:\Documents and Settings\hugo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/24 04:20:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/23 08:46:02 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/23 08:07:06 | 04,849,660 | -H-- | M] () -- C:\Documents and Settings\hugo\Local Settings\Application Data\IconCache.db
[2009/12/23 05:24:39 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\lucas\NTUSER.DAT
[2009/12/23 05:24:17 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\lucas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 03:24:38 | 00,001,479 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Solitaire.lnk
[2009/12/22 16:04:10 | 00,002,279 | ---- | M] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_navps.dat
[2009/12/22 16:04:05 | 00,003,186 | ---- | M] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.dat
[2009/12/22 11:54:51 | 00,319,251 | ---- | M] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_nav.dat
[2009/12/22 05:49:09 | 00,278,016 | ---- | M] () -- C:\WINDOWS\System32\sshnas.dll
[2009/12/21 15:54:47 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Nils\NTUSER.DAT
[2009/12/21 15:54:27 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\hugo\ntuser.ini
[2009/12/21 15:54:26 | 07,864,320 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\NTUSER.DAT
[2009/12/21 15:53:03 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Propriétaire\ntuser.ini
[2009/12/21 09:11:08 | 00,212,992 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/12/20 15:11:07 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Nils\ntuser.ini
[2009/12/20 01:06:50 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 15:13:19 | 16,112,802 | ---- | M] () -- C:\Documents and Settings\hugo\Mes documents\Eni-tyl.swf
[2009/12/19 15:13:19 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\hugo\Mes documents\Eni-tyl.swf.html
[2009/12/17 12:27:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/16 02:24:18 | 01,122,712 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/16 02:24:18 | 00,510,678 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/16 02:24:18 | 00,442,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/16 02:24:18 | 00,084,958 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/16 02:24:18 | 00,071,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/15 09:31:28 | 00,000,455 | ---- | M] () -- C:\WINDOWS\System32\tdlrm.dll
[2009/12/15 09:31:28 | 00,000,455 | ---- | M] () -- C:\WINDOWS\System32\tdlclk.dll
[2009/12/14 13:56:30 | 00,425,984 | ---- | M] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/22 05:49:02 | 00,278,016 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
[2009/12/21 09:12:23 | 00,212,992 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/12/21 09:11:24 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/19 15:13:19 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\hugo\Mes documents\Eni-tyl.swf.html
[2009/12/19 15:03:51 | 16,112,802 | ---- | C] () -- C:\Documents and Settings\hugo\Mes documents\Eni-tyl.swf
[2009/12/15 09:26:13 | 00,000,455 | ---- | C] () -- C:\WINDOWS\System32\tdlclk.dll
[2009/12/14 13:56:30 | 00,425,984 | ---- | C] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.exe
[2009/12/14 13:56:30 | 00,319,251 | ---- | C] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_nav.dat
[2009/12/14 13:56:30 | 00,003,186 | ---- | C] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.dat
[2009/12/14 13:56:30 | 00,002,279 | ---- | C] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_navps.dat
[2009/11/13 11:14:46 | 00,000,455 | ---- | C] () -- C:\WINDOWS\System32\tdlrm.dll
[2009/07/29 09:59:40 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Nils\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/01 03:19:23 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\lucas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/12 13:00:14 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/02 11:25:37 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/02 10:33:38 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7J.DLL
[2008/05/02 10:32:34 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/04/27 02:50:06 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/30 03:14:59 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/27 12:29:05 | 00,000,301 | ---- | C] () -- C:\WINDOWS\thug2.ini
[2008/03/20 09:37:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/03/20 09:33:58 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/20 09:33:58 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/20 09:33:57 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/03/20 09:33:56 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/03/20 09:33:56 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/03/20 09:33:56 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/20 09:33:54 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/09/07 08:23:16 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/05 07:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/08/05 07:00:00 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/01 03:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/02/27 04:07:20 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[1999/02/19 07:09:00 | 00,193,536 | ---- | C] () -- C:\WINDOWS\System32\LOADSERV.DLL
[1997/06/14 03:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/12/20 03:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hugo\Application Data\Canon
[2008/05/02 11:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hugo\Application Data\F-Secure
[2009/04/29 13:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hugo\Application Data\Free Download Manager
[2008/03/30 03:20:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hugo\Application Data\ispnews
[2009/03/04 07:47:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lucas\Application Data\Canon
[2009/04/29 13:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lucas\Application Data\Free Download Manager
[2009/06/30 06:46:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nils\Application Data\Canon
[2008/05/02 10:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nils\Application Data\F-Secure
[2009/05/20 13:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nils\Application Data\Free Download Manager
[2008/05/02 10:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nils\Application Data\ispnews
[2008/05/02 10:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nils\Application Data\ScanSoft
[2008/03/20 12:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\F-Secure
[2009/07/24 06:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Icones
[2008/03/20 11:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ispnews
[2008/03/20 11:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\PEX
[2009/12/03 04:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\thecleaner
[2009/12/03 03:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Uniblue
[2009/06/20 14:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Windows Live Writer
[2008/06/03 04:53:24 | 00,000,534 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2010/01/02 09:22:01 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6727F52E-01DA-41BA-BAA6-3A3BB6ADC299}.job
[2010/01/02 09:22:01 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9325EF0E-1630-4750-BDDE-250A59A62D63}.job
[2010/01/08 04:45:07 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C3E7A75A-04A5-49BA-97DD-FCAF93575C3D}.job
[2010/01/13 01:33:16 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========


<End>
_________________________________________________________________________________________________________________

Post by nicop » 13 Jan 2010, 09:20

"Extras" report:

_____________________________________________________________________________________________________________________
OTL Extras logfile created on: 1/13/2010 7:29:53 AM - Run
OTLPE by OldTimer - Version 3.1.23.0 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 774.00 Mb Available Physical Memory | 76.00% Memory free
922.00 Mb Paging File | 850.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.81 Gb Total Space | 40.48 Gb Free Space | 51.37% Space Free | Partition Type: NTFS
Drive D: | 107.49 Gb Total Space | 106.98 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 272.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"15483:TCP" = 15483:TCP:*:Enabled:spport
"19475:TCP" = 19475:TCP:*:Enabled:spport
"7100:TCP" = 7100:TCP:*:Enabled:spport
"22874:TCP" = 22874:TCP:*:Enabled:spport
"27058:TCP" = 27058:TCP:*:Enabled:spport
"13308:TCP" = 13308:TCP:*:Enabled:spport
"6724:TCP" = 6724:TCP:*:Enabled:spport
"14911:TCP" = 14911:TCP:*:Enabled:spport
"24477:TCP" = 24477:TCP:*:Enabled:spport
"10575:TCP" = 10575:TCP:*:Enabled:spport
"8646:TCP" = 8646:TCP:*:Enabled:spport
"22224:TCP" = 22224:TCP:*:Enabled:spport
"6811:TCP" = 6811:TCP:*:Enabled:spport
"9118:TCP" = 9118:TCP:*:Enabled:spport
"16380:TCP" = 16380:TCP:*:Enabled:spport
"20074:TCP" = 20074:TCP:*:Enabled:spport
"25312:TCP" = 25312:TCP:*:Enabled:spport
"6653:TCP" = 6653:TCP:*:Enabled:spport
"10447:TCP" = 10447:TCP:*:Enabled:spport
"16639:TCP" = 16639:TCP:*:Enabled:spport
"15299:TCP" = 15299:TCP:*:Enabled:spport
"15306:TCP" = 15306:TCP:*:Enabled:spport
"11712:TCP" = 11712:TCP:*:Enabled:spport
"12117:TCP" = 12117:TCP:*:Enabled:spport
"26611:TCP" = 26611:TCP:*:Enabled:spport
"28529:TCP" = 28529:TCP:*:Enabled:spport
"26692:TCP" = 26692:TCP:*:Enabled:spport
"25351:TCP" = 25351:TCP:*:Enabled:spport
"25607:TCP" = 25607:TCP:*:Enabled:spport
"14935:TCP" = 14935:TCP:*:Enabled:spport
"5759:TCP" = 5759:TCP:*:Enabled:spport
"12154:TCP" = 12154:TCP:*:Enabled:spport
"15504:TCP" = 15504:TCP:*:Enabled:spport
"28136:TCP" = 28136:TCP:*:Enabled:spport
"14270:TCP" = 14270:TCP:*:Enabled:spport
"12257:TCP" = 12257:TCP:*:Enabled:spport
"12740:TCP" = 12740:TCP:*:Enabled:spport
"8106:TCP" = 8106:TCP:*:Enabled:spport
"8248:TCP" = 8248:TCP:*:Enabled:spport
"12620:TCP" = 12620:TCP:*:Enabled:spport
"14026:TCP" = 14026:TCP:*:Enabled:spport
"29437:TCP" = 29437:TCP:*:Enabled:spport
"29303:TCP" = 29303:TCP:*:Enabled:spport
"18596:TCP" = 18596:TCP:*:Enabled:spport
"14261:TCP" = 14261:TCP:*:Enabled:spport
"20477:TCP" = 20477:TCP:*:Enabled:spport
"10395:TCP" = 10395:TCP:*:Enabled:spport
"27306:TCP" = 27306:TCP:*:Enabled:spport
"16554:TCP" = 16554:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- File not found
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- File not found
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\Metin2_France\metin2.bin" = C:\Program Files\Metin2_France\metin2.bin:*:Enabled:metin2 -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\Nils\Local Settings\Application Data\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe" = C:\Documents and Settings\Nils\Local Settings\Application Data\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe:*:Disabled:Chat Republic Games Player -- (Chat Republic Games OY)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"c:\windows\temp\nodesetsups.exe" = c:\windows\temp\nodesetsups.exe:*:Enabled:Microsoft Update -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}" = OpenOffice.org 2.2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E298B0A-558C-4138-0096-740677B382CD}" = LSDA Le Retour du Roi tm
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{9112040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91175441-4E5D-4e13-B116-828FD352CDB2}" = Canon MP170
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AAB93551-3FFE-42B2-8315-96252BBC1036}" = Nero 7 Essentials
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E88CF118-873D-4865-835C-D090606A44A3}" = Tony Hawk's Pro Skater 4
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"4StoryFR_is1" = 4Story 1.2
"7-Zip" = 7-Zip 4.44 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"avast!" = avast! Antivirus
"dngoeof" = Favorit
"Dofus 1.28.0" = Dofus 1.28.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"F-Secure Product 440" =
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Outil de mise à jour Google
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Nils_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN

<End>

Post by nickW » 14 Jan 2010, 01:41

Good evening,

Step 1: OTLPE (by OldTimer), preparation
On a "healthy" PC, open a Notepad window via Start---->Run, type notepad and click OK
Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys together

Code:
rien

:Services
SSHNAS
WinSvc

:otl
SRV - [2009/12/22 05:49:09 | 00,278,016 | ---- | M] () [Auto] -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009/07/27 03:12:33 | 00,070,896 | ---- | M] (Winsudate) [Auto] -- C:\Program Files\Winsudate\gibsvc.exe -- (WinSvc)
O4 - HKU\hugo_ON_C..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKU\Nils_ON_C..\Run: [4VDD85L8NF] C:\WINDOWS\msa.exe ()
O4 - HKU\Nils_ON_C..\Run: [dngoeof] c:\documents and settings\nils\local settings\application data\dngoeof.exe ()
O4 - HKU\Nils_ON_C..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKU\Nils_ON_C..\Run: [Zeldar] C:\DOCUME~1\Nils\LOCALS~1\Temp\c.exe File not found
O4 - HKU\Propriétaire_ON_C..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKU\Propriétaire_ON_C..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe (Winsudate)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{f394fa94-3e16-11dd-992a-0013d34eaba8}\Shell\Auto\command - "" = AdobeR.exe e

:Files
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\System32\qtplugin.exe
C:\WINDOWS\msa.exe
C:\Program Files\Winsudate
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_navps.dat
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.dat
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_nav.dat
C:\WINDOWS\System32\sshnas.dll
C:\WINDOWS\System32\tdlrm.dll
C:\WINDOWS\System32\tdlclk.dll
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.exe
C:\Documents and Settings\Nils\Local Settings\Temp\c.exe

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not enabled (not ticked).
Save the file under the name OTLPE-1.txt
Close Notepad.
Note: The lines in the Code box above were created exclusively for THIS user: nicop.
If you are not THIS user, do not use them: they could damage your system.


Copy this OTLPE-1.txt file to a USB stick so that it can be transferred to the "sick" PC via REATOGO.


Step 2: OTLPE (by OldTimer), cleanup

On the "sick" PC, launch OTLPE.
On the "sick" PC, open the OTLPE-1.txt file in Notepad.

In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTLPE window, right-click in the box at the bottom named "Custom Scans/Fixes" and choose Paste.

Click the Run Fix button.

Note: A reboot is sometimes required. If prompted, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK. Close Notepad.


Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTLPE window.


The fix report file is saved in C:\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time
The scan report file is saved in C:\OTL.txt

Transfer them to a USB stick so that they can be posted on the forum.
Reports posted on the forum must end with a line containing <End>. If they do not, they are incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.


Question: does the "sick" PC boot?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
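The fix script above was assembled by hand from the entries OTL reported. As an added example (not code from this thread or from OTL), here is a small Python triage helper that parses the three kinds of log lines the script drew on (file entries, O4 Run entries and firewall GloballyOpenPorts entries) and flags the same classes of indicators; the sample lines are copied from the thread's logs plus one constructed benign entry, and the heuristics and thresholds are my assumptions, not OTL's.

```python
"""OTL / OTLPE log triage helper: an added example, not code from the thread or from OTL.
Parses the three line shapes the fix script above was built from and applies simple
defender heuristics to point out which entries deserve a closer look."""
import re
from collections import Counter

# [date time | size | attrs | C/M] (company) -- path  ("(company)" is absent for folders)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O4 - HKU\<user>..\Run: [<value name>] <path> (<company>)   or   <path> File not found
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# "port:proto" = port:proto:scope:Enabled|Disabled:label   (firewall GloballyOpenPorts list)
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)" = \d+:(?:TCP|UDP):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<label>.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_DIR = "c:\\windows\\"


def parse_file_line(line):
    """Return a dict for an OTL file/folder entry, or None if the line is not one."""
    m = FILE_RE.match(line)
    if m is None:
        return None
    d = m.groupdict()
    d["company"] = (d["company"] or "").strip()
    d["is_dir"] = "D" in d["attrs"]   # the 4th attribute flag marks a directory
    return d


def suspicious_files(lines):
    """Executables under %SystemRoot% whose company field is empty: '()' means the
    file carries no version resource, which for an .exe/.dll touched under
    C:\\WINDOWS in the scan window deserves a check (sshnas.dll, msa.exe here)."""
    hits = []
    for line in lines:
        d = parse_file_line(line)
        if d is None or d["is_dir"]:
            continue
        p = d["path"].lower()
        if p.startswith(SYSTEM_DIR) and p.endswith(EXEC_EXT) and not d["company"]:
            hits.append(d["path"])
    return hits


def suspicious_run_entries(lines):
    """Run-key values whose target is missing or has no company name. A named
    company is no guarantee (the thread's Winsudate entry was removed too);
    this only narrows the list for a human to review."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if m and m.group("rest").endswith(("File not found", "()")):
            hits.append((m.group("name"), m.group("rest")))
    return hits


def firewall_wildcard_clusters(lines, min_count=5):
    """Labels shared by >= min_count enabled exceptions scoped to any address ('*').
    Dozens of random high ports under one label with '*' scope is not how an
    installer registers itself; the Extras log above lists 48 such 'spport' lines."""
    labels = Counter()
    for line in lines:
        m = PORT_RE.match(line)
        if m and m.group("scope") == "*" and m.group("state") == "Enabled":
            labels[m.group("label")] += 1
    return {label: n for label, n in labels.items() if n >= min_count}


# Constructed sample: lines copied from the logs in this thread plus one
# made-up benign entry (constructed_benign.dll) to show what is *not* flagged.
SAMPLE = r"""
[2009/12/22 05:49:09 | 00,278,016 | ---- | M] () -- C:\WINDOWS\System32\sshnas.dll
[2009/12/21 09:11:08 | 00,212,992 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/12/16 02:24:18 | 00,442,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/23 04:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hugo\Local Settings\Application Data\Identities
[2009/12/20 00:00:00 | 00,100,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\constructed_benign.dll
O4 - HKU\Nils_ON_C..\Run: [4VDD85L8NF] C:\WINDOWS\msa.exe ()
O4 - HKU\Nils_ON_C..\Run: [Zeldar] C:\DOCUME~1\Nils\LOCALS~1\Temp\c.exe File not found
O4 - HKU\Propriétaire_ON_C..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe (Winsudate)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"15483:TCP" = 15483:TCP:*:Enabled:spport
"19475:TCP" = 19475:TCP:*:Enabled:spport
"7100:TCP" = 7100:TCP:*:Enabled:spport
"22874:TCP" = 22874:TCP:*:Enabled:spport
"27058:TCP" = 27058:TCP:*:Enabled:spport
""".strip().splitlines()

if __name__ == "__main__":
    print("files to check:", suspicious_files(SAMPLE))
    print("run entries to check:", suspicious_run_entries(SAMPLE))
    print("firewall exception clusters:", firewall_wildcard_clusters(SAMPLE))
```

Feed it a full OTL.txt split into lines to get the same three short lists for a real log; everything it flags still has to be judged by a person, as nickW did here.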

Post by nicop » 14 Jan 2010, 11:35

Hello,

At the end of the "fix", this window appeared:

<img src="http://www.imageshotel.org/images/nicop/image2.png" alt="Image hébergée sur http://www.imageshotel.org/">

Elle n'a jamais disparu et masquait tout vu qu'elle restait toujours au premier plan ; et comme la souris ne marchait pas, ça a été la galère :evil: c'était long mais j'ai réussi.

J'ai redémarré sans le CD et ça marche. Toutes les sessions ont l'air de fonctionner (les 4 sessions sont "Administrateur").

Voici le fichier rapport de correction :
__________________________________________________________________________________________________________________
Error: Unable to interpret <rien> in the current context!
========== SERVICES/DRIVERS ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSvc deleted successfully.
========== OTL ==========
Service\Driver key SSHNAS not found.
C:\WINDOWS\system32\sshnas.dll moved successfully.
Service\Driver key WinSvc not found.
C:\Program Files\Winsudate\gibsvc.exe moved successfully.
Registry value HKEY_USERS\hugo_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
Registry value HKEY_USERS\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4VDD85L8NF deleted successfully.
C:\WINDOWS\msa.exe moved successfully.
Registry value HKEY_USERS\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\dngoeof deleted successfully.
c:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.exe moved successfully.
Registry value HKEY_USERS\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
Registry value HKEY_USERS\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Zeldar deleted successfully.
Registry value HKEY_USERS\Propriétaire_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
Registry value HKEY_USERS\Propriétaire_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr deleted successfully.
C:\Program Files\Winsudate\gibusr.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f394fa94-3e16-11dd-992a-0013d34eaba8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f394fa94-3e16-11dd-992a-0013d34eaba8}\ not found.
File AdobeR.exe e not found.
========== FILES ==========
File\Folder C:\Program Files\Winsudate\gibusr.exe not found.
File\Folder C:\Program Files\Winsudate\gibsvc.exe not found.
File\Folder C:\WINDOWS\System32\qtplugin.exe not found.
File\Folder C:\WINDOWS\msa.exe not found.
C:\Program Files\Winsudate folder moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
File\Folder C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_navps.dat moved successfully.
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.dat moved successfully.
C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof_nav.dat moved successfully.
File\Folder C:\WINDOWS\System32\sshnas.dll not found.
C:\WINDOWS\System32\tdlrm.dll moved successfully.
C:\WINDOWS\System32\tdlclk.dll moved successfully.
File\Folder C:\Documents and Settings\Nils\Local Settings\Application Data\dngoeof.exe not found.
File\Folder C:\Documents and Settings\Nils\Local Settings\Temp\c.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: hugo_ON_C
->Temp folder emptied: 176834740 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 49933891 bytes

User: Invité_ON_C
->Temp folder emptied: 2324786 bytes
->Temporary Internet Files folder emptied: 56850835 bytes
->Java cache emptied: 107623 bytes

User: LocalService_ON_C
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3254111 bytes
->Java cache emptied: 25494385 bytes

User: lucas_ON_C
->Temp folder emptied: 16336150 bytes
->Temporary Internet Files folder emptied: 43020093 bytes
->Java cache emptied: 39827636 bytes

User: NetworkService_ON_C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 127910152 bytes

User: Nils_ON_C
->Temp folder emptied: 233019806 bytes
->Temporary Internet Files folder emptied: 164208545 bytes
->Java cache emptied: 44850330 bytes

User: Propriétaire_ON_C
->Temp folder emptied: 15340037 bytes
->Temporary Internet Files folder emptied: 6746023 bytes
->Java cache emptied: 50877086 bytes
->Google Chrome cache emptied: 88932650 bytes
->Apple Safari cache emptied: 74344 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 5942784 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5462112 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23932626 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 19681531 bytes
RecycleBin emptied: 168724581 bytes

Total Files Cleaned = 1,308.00 mb


OTLPE by OldTimer - Version 3.1.23.0 log created on 01142010_064725
nicop
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées
