Restart problem, thanks!


Post by trueshade » 10 Jan 2010, 18:34

Hello, you have already helped me (especially nickW, thanks again ^^) with another computer. I have 6 computers at home, and I once again have a problem with my main computer (the last time you helped me, it was for a different computer). This time I have no idea whether it is a virus, spyware, a physical problem with the computer, etc. All I know is that my partner tried to turn it on yesterday, and as soon as she entered the session password and pressed Enter, she saw "Loading your personal settings", and poof, a restart, in a loop; it was impossible to get past the *Loading your session settings* step. So I thought I would restart in safe mode, and that worked. I restored to an earlier date and that worked; my computer was back to normal. But as soon as the computer was running again, when I opened the internet (Mozilla): poof, the *problem* came back, so a restart loop at the *Loading your settings* step.

So could someone help me, please?

PS: I have a 4 GB USB key, so if I need to download/install programs, I can do it by transferring them from one computer to another.

Thanks
trueshade

Posts: 28
Joined: 24 Nov 2009, 02:49

Post by nickW » 11 Jan 2010, 02:05

Good evening,

Can you follow the instructions in this topic and send the three reports requested?
Note: if necessary, download the various programs from another PC and transfer them via a USB key.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by trueshade » 11 Jan 2010, 03:45

Here is an update on my problem: for the past few hours I have been able to go on the internet and have not run into any problem; I am simply afraid that it will happen again and that I will lose work in progress.

Here are the requested reports (if you see problems/viruses that are not related to my main problem, it would be good to clean my whole computer ^^ thanks)

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3538
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-01-10 21:19:14
mbam-log-2010-01-10 (21-19-09).txt

Type de recherche: Examen rapide
Eléments examinés: 111691
Temps écoulé: 3 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0ea88f0f-b698-4ab1-8dbc-ebe2cd00927f} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{0ea88f0f-b698-4ab1-8dbc-ebe2cd00927f} (Backdoor.Bot) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\~TM10.tmp (Trojan.Hiloti) -> No action taken.
C:\WINDOWS\Temp\~TM13.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\nidubjm(2).dll (Trojan.Hiloti) -> No action taken.
C:\WINDOWS\system32\inform.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Shma\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Shma\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
trueshade

Posts: 28
Joined: 24 Nov 2009, 02:49

Post by trueshade » 11 Jan 2010, 03:46

From OTL:

OTL logfile created on: 2010-01-10 21:24:14 - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Shma\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 578,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 27,64 Gb Free Space | 37,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHADE
Current User Name: Shma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-01-10 21:19:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shma\Bureau\OTL.exe
PRC - [2009-12-17 09:26:37 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-08-18 14:06:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-08-18 14:06:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-10-24 13:14:28 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008-10-24 13:14:25 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008-01-15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006-10-13 16:04:02 | 00,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2004-10-15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004-08-19 16:09:54 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-01-10 21:19:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shma\Bureau\OTL.exe
MOD - [2004-10-15 18:32:10 | 00,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll
MOD - [2004-08-19 16:07:58 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSCamSvc)
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2009-12-17 19:00:28 | 00,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009-11-20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009-08-18 14:06:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008-10-24 13:14:28 | 00,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008-10-24 13:14:25 | 00,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008-02-04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008-01-15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-10-15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2009-12-18 10:23:14 | 00,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009-12-07 18:00:08 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-11-20 21:34:54 | 10,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-05-27 16:41:29 | 00,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009-05-27 16:41:28 | 00,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-05-27 16:41:28 | 00,045,400 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2009-04-09 13:14:06 | 00,344,064 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsAv.dll -- (TKFsAv)
DRV - [2009-04-09 13:14:06 | 00,155,648 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsAc.dll -- (TKFsAc)
DRV - [2009-04-09 13:14:06 | 00,147,456 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKRgAc.dll -- (TKRgAc)
DRV - [2009-04-09 13:14:06 | 00,143,360 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKRgFt.dll -- (TKRgFt)
DRV - [2009-01-14 14:44:24 | 00,143,360 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsFt.dll -- (TKFsFt)
DRV - [2008-07-24 11:49:53 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-01-15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007-10-26 11:20:40 | 04,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007-10-18 18:28:00 | 00,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007-10-18 18:28:00 | 00,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007-09-21 17:49:00 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007-08-28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007-03-07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-03-01 10:34:36 | 00,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006-10-13 16:04:28 | 01,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006-09-19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006-08-28 23:54:56 | 00,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006-07-01 22:42:58 | 00,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-01-04 04:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004-10-15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004-10-15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004-10-15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004-10-15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004-10-15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004-10-15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004-08-03 23:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004-08-03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003-07-02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002-10-07 18:07:38 | 00,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-10-04 06:56:35 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-10-04 06:56:16 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-10-04 06:56:16 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 14:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1993962763-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1993962763-527237240-725345543-1003\S-1-5-21-1993962763-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-17 09:26:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-10 17:39:33 | 00,000,000 | ---D | M]

[2009-08-04 09:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Mozilla\Extensions
[2009-09-17 16:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Mozilla\Firefox\Profiles\iei5wvgg.default\extensions
[2010-01-04 11:46:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-15 14:03:50 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009-07-15 14:03:50 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009-07-15 14:03:50 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009-07-15 14:03:50 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009-07-15 14:03:50 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (371083 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12817 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1993962763-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1993962763-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Shma\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1993962763-527237240-725345543-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2692024201 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2692484234 (MUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://ma-config.com/plugins/MaConfig_4_0_1_3.cab (Ma-Config control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-24 12:01:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\Shell\AutoRun\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\Shell\open\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{9a49343b-ccab-11de-b32e-0015f26f3534}\Shell\Auto\command - "" = G:\launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-12-24 12:01:10 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-01-10 21:23:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-01-10 21:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-01-10 21:19:36 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shma\Bureau\OTL.exe
[2010-01-10 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shma\Application Data\Malwarebytes
[2010-01-10 20:23:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-10 20:23:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-10 20:23:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-01-10 20:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-01-10 17:40:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Shma\Recent
[2010-01-10 15:59:44 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2010-01-10 15:59:44 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2010-01-10 15:59:43 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2010-01-10 15:59:43 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2010-01-10 15:59:42 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2010-01-10 15:59:42 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2010-01-10 15:59:34 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2010-01-10 15:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2010-01-10 11:18:12 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010-01-04 12:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trine
[2010-01-03 18:46:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shma\Local Settings\Application Data\Monte Cristo
[2010-01-02 23:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2010-01-02 23:27:01 | 00,000,000 | ---D | C] -- C:\Riot Games
[2010-01-02 01:20:26 | 00,000,000 | ---D | C] -- C:\gPotato.com
[2010-01-02 01:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\Allods Online
[2009-12-28 00:16:08 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009-12-23 14:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009-12-23 14:00:24 | 13,602,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2009-12-23 14:00:24 | 02,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2009-12-23 14:00:24 | 01,989,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2009-12-23 14:00:24 | 00,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2009-12-23 14:00:23 | 11,374,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2009-12-23 14:00:23 | 04,038,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2009-12-23 14:00:23 | 01,056,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2009-12-23 14:00:23 | 00,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2009-12-23 14:00:23 | 00,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2009-12-21 11:42:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shma\Local Settings\Application Data\SCE
[2009-12-21 11:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shma\Application Data\Sony Online Entertainment
[2009-12-18 16:08:50 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009-12-18 16:08:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009-10-01 21:46:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-09-10 09:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009-09-07 09:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009-01-18 09:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-01-18 09:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-01-18 09:50:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008-05-30 18:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2008-04-26 19:30:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008-04-26 19:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008-03-13 10:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-01-10 21:22:44 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Shma\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010-01-10 21:20:12 | 13,369,344 | ---- | M] () -- C:\Documents and Settings\Shma\ntuser.dat
[2010-01-10 21:19:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shma\Bureau\OTL.exe
[2010-01-10 16:18:18 | 00,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-01-10 16:17:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-10 16:17:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-10 14:01:24 | 00,371,083 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-10 11:35:52 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\Shma\Application Data\avdrn.dat
[2010-01-10 11:09:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-07 20:16:01 | 00,000,024 | ---- | M] () -- C:\Documents and Settings\Shma\Application Data\fvgqad.dat
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-07 07:03:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-01-05 23:06:05 | 00,000,045 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010-01-05 01:20:13 | 04,284,680 | -H-- | M] () -- C:\Documents and Settings\Shma\Local Settings\Application Data\IconCache.db
[2010-01-02 01:27:54 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Allods Online.lnk
[2009-12-22 23:19:06 | 00,153,088 | ---- | M] () -- C:\Documents and Settings\Shma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-17 19:52:12 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\Shma\Bureau\Luxor.lnk
[2009-12-14 22:48:33 | 00,001,008 | ---- | M] () -- C:\Documents and Settings\Shma\Bureau\Numero.doc
[2009-12-14 10:09:10 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Zuma Deluxe.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-10 21:22:44 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Shma\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010-01-10 11:36:05 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat
[2010-01-07 20:15:58 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Shma\Application Data\fvgqad.dat
[2010-01-07 20:15:46 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Shma\Application Data\avdrn.dat
[2010-01-02 02:49:00 | 13,369,344 | ---- | C] () -- C:\Documents and Settings\Shma\ntuser.dat
[2010-01-02 01:27:53 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Allods Online.lnk
[2009-12-23 14:00:21 | 02,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009-12-17 19:52:12 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\Shma\Bureau\Luxor.lnk
[2009-12-14 10:09:10 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Zuma Deluxe.lnk
[2009-08-17 22:09:18 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009-07-16 22:20:41 | 01,511,424 | ---- | C] () -- C:\WINDOWS\System32\sn3win.dll
[2009-03-15 01:01:38 | 01,554,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-03-01 14:05:34 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Shma\Application Data\PnkBstrK.sys
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-08-20 19:03:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WoWEmuHackSettings.ini
[2008-07-29 09:49:22 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-07-24 11:49:52 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-22 18:57:43 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008-06-05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-06-01 20:04:03 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008-04-26 12:12:03 | 00,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008-03-07 19:38:42 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-02-10 23:26:07 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-02-10 23:11:44 | 03,889,728 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008-02-10 23:11:44 | 01,143,989 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2008-02-10 23:11:44 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-02-10 22:49:39 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Shma\Local Settings\Application Data\fusioncache.dat
[2008-02-10 22:05:50 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008-01-16 00:29:25 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008-01-15 20:35:41 | 00,000,324 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2008-01-15 20:31:51 | 00,001,802 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2008-01-01 12:25:23 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008-01-01 12:25:23 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008-01-01 12:25:23 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007-12-29 01:01:59 | 00,153,088 | ---- | C] () -- C:\Documents and Settings\Shma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-12-26 21:24:49 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007-12-25 15:16:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007-12-25 13:30:48 | 00,002,043 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2007-12-25 13:29:09 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-04-27 05:19:01 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2004-10-15 18:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2001-10-04 06:56:45 | 00,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2008-09-06 16:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2008-09-06 16:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2010-01-10 12:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2010-01-10 12:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2007-12-24 12:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009-12-23 12:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009-02-09 09:26:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009-09-11 11:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009-08-16 20:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009-11-14 18:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-02-10 23:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\AVSMedia
[2009-06-25 09:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Bioshock
[2008-07-24 11:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\DAEMON Tools
[2009-04-01 07:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\GetRightToGo
[2007-12-24 12:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Grisoft
[2009-03-30 09:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\id Software
[2008-04-26 19:29:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Shma\Application Data\ijjigame
[2010-01-04 14:56:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\LimeWire
[2009-03-09 15:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Nexon
[2009-11-12 22:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Pogo Games
[2009-12-04 13:12:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Soldat
[2009-12-21 11:42:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\Sony Online Entertainment
[2009-12-20 22:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\uTorrent
[2009-11-25 14:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shma\Application Data\XnView

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004-08-19 16:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004-08-19 16:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004-08-03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004-08-03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004-08-19 16:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-19 16:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2001-10-04 06:54:18 | 00,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001-10-04 06:54:18 | 00,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys
[2001-10-04 06:54:18 | 00,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2001-10-04 06:55:08 | 00,047,616 | ---- | M] (Microsoft Corporation) MD5=21625DD16C2B397E3F69341E1D7E72BF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004-08-19 16:09:26 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004-08-19 16:09:26 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2001-10-04 06:56:04 | 00,397,824 | ---- | M] (Microsoft Corporation) MD5=5C6CAFA21A45A3F51DB9C2B699D98D7B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004-08-19 16:09:38 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004-08-19 16:09:38 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2001-10-04 06:56:43 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=414426B3CCD8D9A2AADFB9A9A4538F66 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004-08-19 16:09:40 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004-08-19 16:09:40 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll

<MD5>
[2007-10-18 18:28:00 | 00,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=020EB647FEA9187541827231CB236DCE -- C:\WINDOWS\system32\drivers\ViPrt.sys

<systemroot>

<systemroot>
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B701A9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28534A3F
<End>

Post by trueshade » 11 Jan 2010, 03:48

OTL Extra:

OTL Extras logfile created on: 2010-01-10 21:24:14 - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Shma\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 578,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 27,64 Gb Free Space | 37,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHADE
Current User Name: Shma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1993962763-527237240-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"7700:UDP" = 7700:UDP:*:Enabled:Gunz
"3724:TCP" = 3724:TCP:*:Enabled:wow
"8085:TCP" = 8085:TCP:*:Enabled:wow
"3306:TCP" = 3306:TCP:*:Enabled:wow
"7777:TCP" = 7777:TCP:*:Enabled:border
"7777:UDP" = 7777:UDP:*:Enabled:border
"28900:TCP" = 28900:TCP:*:Enabled:border
"27900:UDP" = 27900:UDP:*:Enabled:border
"28910:TCP" = 28910:TCP:*:Enabled:border
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"56851:TCP" = 56851:TCP:*:Enabled:Pando Media Booster
"56851:UDP" = 56851:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\War3\war3.exe" = C:\Program Files\War3\war3.exe:*:Enabled:Warcraft III -- (BoR0)
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe" = C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher -- File not found
"C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe" = C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:*:Enabled:San Andreas Multiplayer -- ()
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji> -- File not found
"C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz -- File not found
"C:\World Of Warcraft\Repair.exe" = C:\World Of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"C:\FunServer\Server\xampp\apache\bin\apache.exe" = C:\FunServer\Server\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\FunServer\Server\Cystem\mysql\bin\mysqld.exe" = C:\FunServer\Server\Cystem\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found
"C:\FunServer\Ascent\ascent-world.exe" = C:\FunServer\Ascent\ascent-world.exe:*:Enabled:ascent-world -- File not found
"C:\FunServer\Ascent\ascent-logonserver.exe" = C:\FunServer\Ascent\ascent-logonserver.exe:*:Enabled:ascent-logonserver -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- File not found
"\\PHANO\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe" = \\PHANO\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:H5_Game.exe
"C:\Documents and Settings\Shma\Local Settings\Temp\Rar$EX00.594\LieroX v0.56 Pack 1.9\LieroX.exe" = C:\Documents and Settings\Shma\Local Settings\Temp\Rar$EX00.594\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX -- File not found
"C:\Program Files\Codemasters\Overlord\Overlord.exe" = C:\Program Files\Codemasters\Overlord\Overlord.exe:*:Enabled:Game Application -- File not found
"C:\Program Files\Tremulous\tremulous.exe" = C:\Program Files\Tremulous\tremulous.exe:*:Enabled:tremulous -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\VALVe\Counter-Strike Source\hl2.exe" = C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\VALVe\Counter-Strike Source\srcds.exe" = C:\Program Files\VALVe\Counter-Strike Source\srcds.exe:*:Enabled:srcds -- File not found
"C:\Program Files\LEFT 4 DEAD.[FRENCH].[PCDVD].(2008).by AkTivisT\left4dead.exe" = C:\Program Files\LEFT 4 DEAD.[FRENCH].[PCDVD].(2008).by AkTivisT\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files\Black Isle\Baldur's Gate\BGMain.exe" = C:\Program Files\Black Isle\Baldur's Gate\BGMain.exe:*:Enabled:Baldur's Gate, the Game -- File not found
"C:\Program Files\Steam\SteamApps\common\left 4 dead\srcds.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead\srcds.exe:*:Enabled:srcds -- File not found
"C:\Program Files\LEFT 4 DEAD\left4dead.exe" = C:\Program Files\LEFT 4 DEAD\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- File not found
"C:\Documents and Settings\Shma\Bureau\700_DDI_CB.exe" = C:\Documents and Settings\Shma\Bureau\700_DDI_CB.exe:*:Enabled:DD Insider -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe" = C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe:*:Enabled:savage2 -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Diablo\diablo.exe" = C:\Diablo\diablo.exe:*:Enabled:Diablo -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Borderlands\Binaries\Borderlands.exe" = C:\Program Files\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\gPotato.com\Allods Online\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\gPotato.com\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes
"{18754BA4-4F0C-4E6E-888B-9496AFA05F43}" = Ma-Config.com
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F710FEE6-7ECF-4CDB-B6B5-966F79230215}" = nProtect Security Platform 2007
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AstrumNival Allods" = Allods Online 1.0.04.11
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Diablo II" = Diablo II
"ERUNT_is1" = ERUNT 1.1j
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"Indeo® software" = Indeo® software
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Le gestionnaire du dispositif de plate-forme
"LimeWire" = LimeWire 4.16.6
"Luxor" = Luxor (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = Hero Editor V0.96
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-12-12 21:33:45 | Computer Name = SHADE | Source = Application Error | ID = 1000
Description = Application défaillante gta_sa.exe, version 0.0.0.0, module défaillant
gta_sa.exe, version 0.0.0.0, adresse de défaillance 0x00354b52.

Error - 2009-12-15 12:18:35 | Computer Name = SHADE | Source = Application Error | ID = 1000
Description = Application défaillante gta_sa.exe, version 0.0.0.0, module défaillant
gta_sa.exe, version 0.0.0.0, adresse de défaillance 0x000f02d3.

Error - 2009-12-23 14:04:45 | Computer Name = SHADE | Source = Application Hang | ID = 1002
Description = Application bloquée mmc.exe, version 5.1.2600.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2009-12-30 23:05:27 | Computer Name = SHADE | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-01-04 18:13:31 | Computer Name = SHADE | Source = Application Hang | ID = 1002
Description = Application bloquée avnotify.exe, version 8.0.10.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-01-07 12:04:22 | Computer Name = SHADE | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-01-10 12:21:21 | Computer Name = SHADE | Source = Avira AntiVir | ID = 4110
Description =

Error - 2010-01-10 12:23:59 | Computer Name = SHADE | Source = Avira AntiVir | ID = 4110
Description =

Error - 2010-01-10 12:38:05 | Computer Name = SHADE | Source = Avira AntiVir | ID = 4110
Description =

Error - 2010-01-10 13:03:00 | Computer Name = SHADE | Source = Avira AntiVir | ID = 4110
Description =

[ System Events ]
Error - 2010-01-10 13:18:19 | Computer Name = SHADE | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 30 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 2010-01-10 13:18:19 | Computer Name = SHADE | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 29 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 2010-01-10 13:37:20 | Computer Name = SHADE | Source = MRxSmb | ID = 8003
Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur
KATHY-PC qui pense qu'il est le maître explorateur sur le domaine pour le transport
NwlnkNb. Le maître explorateur s'arrête ou une élection est provoquée.

Error - 2010-01-10 13:41:35 | Computer Name = SHADE | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs
trop important en essayant de retrouver la copie de sauvegarde de la liste sur
le transport \Device\NetBT_Tcpip_{35DA0EE9-6477-4A81-A4AB-4478DD060E87}. L'explorateur
secondaire s'arrête.

Error - 2010-01-10 16:59:43 | Computer Name = SHADE | Source = Service Control Manager | ID = 7000
Description = Le service PlayLinc Adapter n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 2010-01-10 16:59:43 | Computer Name = SHADE | Source = Service Control Manager | ID = 7000
Description = Le service Connection TV/vidéo Microsoft n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 2010-01-10 17:18:04 | Computer Name = SHADE | Source = Service Control Manager | ID = 7000
Description = Le service MSCamSvc n'a pas pu démarrer en raison de l'erreur : %%2

Error - 2010-01-10 17:18:47 | Computer Name = SHADE | Source = MRxSmb | ID = 8003
Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur
KATHY-PC qui pense qu'il est le maître explorateur sur le domaine pour le transport
NwlnkNb. Le maître explorateur s'arrête ou une élection est provoquée.

Error - 2010-01-10 17:22:14 | Computer Name = SHADE | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs
trop important en essayant de retrouver la copie de sauvegarde de la liste sur
le transport \Device\NetBT_Tcpip_{35DA0EE9-6477-4A81-A4AB-4478DD060E87}. L'explorateur
secondaire s'arrête.

Error - 2010-01-10 17:47:53 | Computer Name = SHADE | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs
trop important en essayant de retrouver la copie de sauvegarde de la liste sur
le transport \Device\NwlnkNb. L'explorateur secondaire s'arrête.


<End>

<Thanks>
trueshade
 
Posts: 28
Joined: 24 Nov 2009, 02:49

Post by trueshade » 14 Jan 2010, 03:55

Up
trueshade
 
Posts: 28
Joined: 24 Nov 2009, 02:49

Post by trueshade » 17 Jan 2010, 01:12

Hello, it has now been nearly a week since I last received a reply; if you have abandoned my thread, I would like to know.
trueshade
 
Posts: 28
Joined: 24 Nov 2009, 02:49

Post by nickW » 17 Jan 2010, 01:56

Good evening,

Judging by the version of the antivirus installed, it is not up to date at all!
(AntiVir PersonalEdition Classic ====> version 8)


First cleanups:

Important:
Download the latest version of OTL, which must replace the old one (on the Desktop of user Shma).
http://oldtimer.geekstogo.com/OTL.exe


Step 1: OTL (by OldTimer), cleanup
Open a Notepad window via Start ----> Run, type notepad, then click OK.
Select all the lines in the white area located under "Code:" below, then press the Ctrl and C keys simultaneously.

Code: Select all
rien

:otl
O33 - MountPoints2\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\Shell\AutoRun\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\Shell\open\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{9a49343b-ccab-11de-b32e-0015f26f3534}\Shell\Auto\command - "" = G:\launcher.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B701A9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28534A3F

:Files
C:\Documents and Settings\Shma\Application Data\avdrn.dat
C:\Documents and Settings\Shma\Application Data\fvgqad.dat
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste.
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: trueshade.
If you are not THIS user, you must not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock), uncheck "Activer Antivir Guard/AntiVir Guard enable"


Step 3: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are checked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If harmful items were detected, click the "Remove Selected" button.
Wait patiently, without doing anything else, for the cleanup to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: OTL (by OldTimer), cleanup

Close all open program windows (browser, word processor, etc.): the PC is going to restart.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Run Fix button.

A small "Information" window opens.

Click the Yes button.

From the new "Open" window, navigate to the folder where the fix.txt file was saved, then click the Open button.

The contents of the fix.txt file are thus inserted into the "Custom Scans/Fixes" panel.

Click the Run Fix button again.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Send in reply:
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive represents the partition on which the system is installed, generally C:]
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, generally C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by trueshade » 18 Jan 2010, 18:26

So here it is: I don't understand, because my Avira antivirus seems up to date to me; when I run the update it finds nothing and says that I am already up to date: Search engine : V8.02.01.142, 2010-01-13
Virus Definition File : V7.10.02.225, 2010-01-18

And ever since I did *Remove Selected* with Malwarebytes, Avira has detected a virus at every startup (I chose quarantine twice ..); the name of the virus found is: TR/StartPage.KA.3.

And here is the first report:

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\ not found.
File C:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f27f6a2-d5e9-11dc-8e8f-0015f26f3534}\ not found.
File C:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a49343b-ccab-11de-b32e-0015f26f3534}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a49343b-ccab-11de-b32e-0015f26f3534}\ not found.
File G:\launcher.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:65B701A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:28534A3F deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Shma\Application Data\avdrn.dat not found.
File\Folder C:\Documents and Settings\Shma\Application Data\fvgqad.dat not found.
File\Folder C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Shma
->Java cache emptied: 13690439 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1320093 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 451928 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1533736 bytes
RecycleBin emptied: 732336598 bytes

Total Files Cleaned = 715,00 mb


OTL by OldTimer - Version 3.1.25.2 log created on 01182010_121512

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
trueshade
 
Posts: 28
Joined: 24 Nov 2009, 02:49

Post by trueshade » 18 Jan 2010, 18:26

The second one:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3591
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-01-18 12:07:37
mbam-log-2010-01-18 (12-07-37).txt

Type de recherche: Examen rapide
Eléments examinés: 113910
Temps écoulé: 5 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0ea88f0f-b698-4ab1-8dbc-ebe2cd00927f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{0ea88f0f-b698-4ab1-8dbc-ebe2cd00927f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (Rogue.ControlCenter) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\~TM10.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM13.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\nidubjm(2).dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inform.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shma\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shma\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
trueshade
 
Posts: 28
Joined: 24 Nov 2009, 02:49
