Blocked / infected

Closed
nc_stevo Posts 1 Registration date Wednesday 3 November 2010 Status Member Last seen 3 November 2010 - Edited by nc_stevo on 3/11/2010 at 03:09
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last seen 18 July 2013 - 3 Nov 2010 at 09:00
Hello,
I've been trying to clean my PC for a few hours now...
some help would really be welcome... I followed the OTLPE method
and here is the report I got

OTL logfile created on: 11/3/2010 3:44:10 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000080C | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 832.00 Mb Available Physical Memory | 81.00% Memory free
907.00 Mb Paging File | 851.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.24 Gb Total Space | 36.10 Gb Free Space | 63.07% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas.dll -- (SSHNAS)
SRV - [2010/09/27 05:28:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2004/08/04 08:00:00 | 000,729,600 | ---- | M] (pdvabgmsvt Corporation) [Auto] -- C:\WINDOWS\system32\dlo29.dll -- (tnhfjssy)
SRV - [2003/03/09 16:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\AtapiDrv.sys -- (AtapiDrv)
DRV - [2010/09/27 05:29:09 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/27 05:28:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/27 05:26:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2004/08/04 08:00:00 | 000,023,424 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ciobizpp.sys -- (ciobizpp)
DRV - [2004/08/04 08:00:00 | 000,005,376 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2004/08/03 19:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:32:32 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2004/07/15 15:42:00 | 002,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/01/13 10:12:50 | 000,084,800 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 12 AA FF 0E F8 C2 5B 4C A7 42 88 64 C0 3E E7 00 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\guiguigui_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=13170&l=dis
IE - HKU\guiguigui_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 12 AA FF 0E F8 C2 5B 4C A7 42 88 64 C0 3E E7 00 [binary data]
IE - HKU\guiguigui_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\guiguigui_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 12 AA FF 0E F8 C2 5B 4C A7 42 88 64 C0 3E E7 00 [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 12 AA FF 0E F8 C2 5B 4C A7 42 88 64 C0 3E E7 00 [binary data]

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.be/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.10.99999
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: {2aa0c3da-8436-4269-919d-3de95167cff4}:1.0
FF - prefs.js..extensions.enabledItems: {20ec9aa2-3990-ebba-c62a-41c1ac7cab13}:4.6.7.1
FF - prefs.js..keyword.URL: "http://www.search.ask.com/?l=dis"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/02 17:21:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/26 12:32:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 14:12:42 | 000,000,000 | ---D | M]

[2010/09/26 15:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Extensions
[2010/09/26 15:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/02 14:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Firefox\Profiles\ontbuaff.default\extensions
[2010/11/02 17:46:48 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Firefox\Profiles\ontbuaff.default\extensions\{2aa0c3da-8436-4269-919d-3de95167cff4}
[2010/09/25 16:24:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Firefox\Profiles\ontbuaff.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/02 14:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Firefox\Profiles\ontbuaff.default\extensions\toolbar@ask.com
[2010/11/02 13:25:34 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Firefox\Profiles\ontbuaff.default\searchplugins\askcom.xml
[2009/12/18 15:07:28 | 000,002,123 | ---- | M] () -- C:\Documents and Settings\guiguigui\Application Data\Mozilla\Firefox\Profiles\ontbuaff.default\searchplugins\MyStart Search.xml
[2010/11/02 13:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/26 20:19:54 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{20ec9aa2-3990-ebba-c62a-41c1ac7cab13}
[2010/09/26 20:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{20ec9aa2-3990-ebba-c62a-41c1ac7cab13}.del
[2010/09/14 17:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/14 17:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 17:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/14 17:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 17:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0EFFAA12-C2F8-4C5B-A742-8864C03EE700} - C:\WINDOWS\system32\dsuiext32.dll (Inprise Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (b8d099a3) - {4BF86ADB-8A4D-8473-DE5B-B9D5CC319469} - C:\WINDOWS\System32\jgsd40032.dll File not found
O2 - BHO: () - {4E1799B9-1408-46D1-8E1B-FB27622B7B55} - C:\WINDOWS\system32\dlo29.dll (pdvabgmsvt Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (brumacwkqgrm Object) - {DC2C4845-F3A8-4489-BF43-6CAE1C628480} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll File not found
O2 - BHO: (netbits) - {dfefd3d6-97a1-11a0-1ee6-84cf769317b3} - C:\WINDOWS\system32\f91ac6a1-6aa2-4895-eeb2-bf9f706a4077.dll ()
O2 - BHO: (adfacwkqpr Object) - {F2A666E1-28DD-4089-A2F0-D027D6FB8F84} - C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\guiguigui_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL File not found
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\System32\ezmy.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKU\guiguigui_ON_C..\Run: [syncman] C:\documents and settings\guiguigui\wuaucldt.exe File not found
O4 - Startup: C:\Documents and Settings\guiguigui\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\guiguigui\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\DOCUME~1\GUIGUI~1\LOCALS~1\Temp\2.tmp File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\guiguigui_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.88.203.3 212.68.193.196
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\jgsd40032.dll) - C:\WINDOWS\System32\jgsd40032.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\guiguigui\Application Data\onbbw.exe) - C:\Documents and Settings\guiguigui\Application Data\onbbw.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\c8a3c9f61018: DllName - C:\WINDOWS\system32\jgsd40032.dll - C:\WINDOWS\System32\jgsd40032.dll File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/01 06:13:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5d197d22-f34c-11de-bbb8-00a024a848a2}\Shell\AutoRun\command - "" = cold\hott\raidhost.exe
O33 - MountPoints2\{5d197d22-f34c-11de-bbb8-00a024a848a2}\Shell\Explore\Command - "" = cold\hott\raidhost.exe
O33 - MountPoints2\{5d197d22-f34c-11de-bbb8-00a024a848a2}\Shell\open\command - "" = cold\hott\raidhost.exe
O33 - MountPoints2\{825ce1c2-fe58-11d5-9163-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{825ce1c2-fe58-11d5-9163-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{825ce1c2-fe58-11d5-9163-806d6172696f}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe -- File not found
O33 - MountPoints2\{8475aab0-06fa-11d6-bb75-00a024a848a2}\Shell\AutoRun\command - "" = 3n8awsyg.exe
O33 - MountPoints2\{8475aab0-06fa-11d6-bb75-00a024a848a2}\Shell\open\Command - "" = 3n8awsyg.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 17:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guiguigui\Application Data\Malwarebytes
[2010/11/02 14:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2 C:\Documents and Settings\guiguigui\*.tmp files -> C:\Documents and Settings\guiguigui\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\guiguigui\Desktop\*.tmp files -> C:\Documents and Settings\guiguigui\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/02 22:15:49 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/02 22:15:49 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\guiguigui\Start Menu\Programs\Startup\Styler.lnk
[2010/11/02 22:15:40 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/11/02 22:15:21 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/02 21:26:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/02 20:18:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\guiguigui\Local Settings\Application Data\prvlcl.dat
[2010/11/02 20:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/02 17:48:53 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\guiguigui\My Documents\Rescue.asd
[2010/11/02 17:40:23 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2010/11/02 17:17:46 | 067,098,201 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/02 15:36:19 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/11/02 13:23:05 | 000,430,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 13:23:05 | 000,067,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 13:11:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\Documents and Settings\guiguigui\*.tmp files -> C:\Documents and Settings\guiguigui\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\guiguigui\Desktop\*.tmp files -> C:\Documents and Settings\guiguigui\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/02 15:43:51 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\guiguigui\My Documents\Rescue.asd
[2010/09/27 14:29:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\guiguigui\Local Settings\Application Data\prvlcl.dat
[2010/09/27 05:06:34 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4E1799B9-1408-46D1-8E1B-FB27622B7B55.txt
[2010/09/26 20:31:10 | 000,002,964 | ---- | C] () -- C:\Documents and Settings\guiguigui\Local Settings\Application Data\4E1799B9-1408-46D1-8E1B-FB27622B7B55.txt
[2010/09/26 19:07:17 | 000,001,902 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010/09/26 18:50:40 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2010/09/26 18:13:28 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\guiguigui\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/09/25 17:05:10 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/09/02 12:51:38 | 002,332,160 | ---- | C] () -- C:\WINDOWS\System32\f91ac6a1-6aa2-4895-eeb2-bf9f706a4077.dll
[2010/02/18 16:46:07 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\PBMonNT.dll
[2010/02/18 16:45:49 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2010/02/18 16:45:49 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libpdfconv.dll
[2010/02/18 16:45:48 | 001,273,856 | ---- | C] () -- C:\WINDOWS\System32\PPTools.dll
[2010/02/18 16:45:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\PPIconLoader.dll
[2010/01/16 18:26:13 | 000,000,096 | ---- | C] () -- C:\WINDOWS\permis.ini
[2009/12/30 20:39:59 | 000,001,058 | ---- | C] () -- C:\Documents and Settings\guiguigui\pctlsp.log
[2004/08/04 08:00:00 | 000,084,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\ciobizpp.sys
[2004/08/04 08:00:00 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\viaide.sys
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/01/07 08:56:55 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2002/01/07 08:03:19 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\guiguigui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/12/31 21:44:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2009/12/20 18:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Actecom
[2002/01/01 04:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Ashampoo
[2010/09/25 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Dev-Cpp
[2010/09/25 10:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Notepad++
[2002/01/07 09:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Publish Providers
[2010/09/26 20:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Sky-Banners
[2002/01/07 09:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Sony
[2010/09/26 20:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Street-Ads
[2010/09/27 16:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Styler
[2010/10/03 12:53:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\guiguigui\Application Data\SysWin
[2002/01/13 09:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\Uniblue
[2009/12/02 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guiguigui\Application Data\ViStart
[2010/09/26 19:47:49 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/02 20:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/11/02 22:15:40 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========


< End of report >
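
As an added example (not part of the original post, and not code from OTL or its author), a small Python triage pass over lines copied from the report above: it flags autostart entries whose file no longer exists, removable-drive AutoRun commands with a relative target, and loaded binaries with no publisher or a publisher outside an allowlist. The vendor allowlist and the rule wording are assumptions made for this sample.

```python
"""Triage helper for OTL/OTLPE report lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the report above, used here as constructed sample input.
SAMPLE_LOG = r"""
SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas.dll -- (SSHNAS)
SRV - [2004/08/04 08:00:00 | 000,729,600 | ---- | M] (pdvabgmsvt Corporation) [Auto] -- C:\WINDOWS\system32\dlo29.dll -- (tnhfjssy)
SRV - [2010/09/27 05:28:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
O2 - BHO: (netbits) - {dfefd3d6-97a1-11a0-1ee6-84cf769317b3} - C:\WINDOWS\system32\f91ac6a1-6aa2-4895-eeb2-bf9f706a4077.dll ()
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\System32\ezmy.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\jgsd40032.dll) - C:\WINDOWS\System32\jgsd40032.dll File not found
O33 - MountPoints2\{5d197d22-f34c-11de-bbb8-00a024a848a2}\Shell\AutoRun\command - "" = cold\hott\raidhost.exe
O33 - MountPoints2\{825ce1c2-fe58-11d5-9163-806d6172696f}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe -- File not found
< End of report >
"""

# Publisher allowlist, constructed for this sample; a real one would be far longer.
KNOWN_VENDORS = {"Microsoft Corporation", "AVG Technologies CZ, s.r.o.", "NVIDIA Corporation"}
# Entry types where OTL prints the binary's company name and it is worth checking.
COMPANY_KINDS = {"SRV", "DRV", "O2", "O3", "O4", "O20"}


@dataclass
class Finding:
    kind: str     # OTL entry prefix, e.g. "SRV", "O4", "O33"
    reason: str   # why a reviewer should look at this entry
    line: str     # the raw report line


def line_kind(line: str) -> str:
    """Return the OTL entry prefix ('SRV', 'DRV', 'O2', ...) or '' for non-entry lines."""
    m = re.match(r"^(SRV|DRV|O\d+)\b", line)
    return m.group(1) if m else ""


def company_of(kind: str, line: str) -> Optional[str]:
    """Company name OTL printed for the file; '' if the file has none, None if not shown."""
    if kind in ("SRV", "DRV"):
        # SRV/DRV layout: "... | M] (Company) [Auto] -- path -- (ServiceName)"
        m = re.search(r"\] \(([^()]*)\) \[", line)
    else:
        # O2/O3/O4/O20 layout: "... path (Company)" at the end of the line
        m = re.search(r"\(([^()]*)\)\s*$", line)
    return m.group(1) if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one report line; None means nothing stood out."""
    kind = line_kind(line)
    if not kind:
        return None
    if "File not found" in line:
        return Finding(kind, "autostart entry points at a file that no longer exists", line)
    if kind == "O33" and r"\Shell\AutoRun\command" in line:
        # Relative targets resolve against the removable drive: the classic USB autorun pattern.
        target = line.rsplit("= ", 1)[-1].strip()
        if not re.match(r"^[A-Za-z]:\\", target):
            return Finding(kind, "removable-drive AutoRun command with a relative target", line)
    if kind in COMPANY_KINDS:
        company = company_of(kind, line)
        if company == "":
            return Finding(kind, "loaded binary carries no company name", line)
        if company is not None and company not in KNOWN_VENDORS:
            return Finding(kind, f"publisher '{company}' is not in the allowlist", line)
    return None


def triage(report: str) -> List[Finding]:
    """Run triage_line over a whole report and collect the findings in order."""
    return [f for f in (triage_line(l) for l in report.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports seven entries for review and leaves the AVG and NVIDIA entries alone; the allowlist rule is deliberately noisy and is meant to shortlist, not to verdict.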


1 reply

moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last seen 18 July 2013
3 Nov 2010 at 09:00
hello

definitely infected...

please do this

1)

Download USBFix by El Desaparecido, C_xx

http://www.teamxscript.org/usbfixTelechargement.html

/!\ Vista and Windows 7 users:
don't forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

Double-click the UsbFix shortcut on the desktop.

Choose the deletion option
(other options are available, see the tutorial).
Let the tool work.
The Start menu and the icons will disappear... that's normal.

If a message asks you to restart the computer, do so...

On restart, the fix relaunches itself... let the operation complete.

Notepad opens with a report; send it in your next reply


* Note: The UsbFix.txt report is saved at the root of the drive. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

* Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.


* Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html


UsbFix may ask you to upload a compressed folder to this address: http://www.teamxscript.org/Sample/Upload.php

It is saved on your desktop.

Please send it to the indicated address to help the author of UsbFix in his research.

......................

2)

Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


(diagnostic tool)


Double-click the installer, then install it with the default settings (don't forget to tick "Create a desktop icon")

Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator (Vista))

Click the magnifying glass at the top left, then let the tool scan.

Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

Go to Cjoint: http://www.cijoint.fr/

Click "Browse" in the "Attach a file[...]" section

Select the ZHPdiag.txt report on your desktop

Then click "Click here to upload the file" and copy/paste the link into your next message

