Tâche ATxx qui se créent toutes seules Fermé

Question

Bonjour à tous,

Alors, je vais réaborder un sujet mille fois abordé, mais je ne trouve pas mon cas dans tout ce que j'ai lu.

Je vous explique : j'ai constaté sur trois postes (1 windows XP, 2 windows 2000 - eh oui ! ;-) ) du réseau des tâches atxx.job, créées toutes seules, qui se lancent automatiquement et surchargent le poste avec des process rundll32 plantés.
J'en ai donc déduit que les postes étaient infectés par Conficker, et lancé des tentatives de nettoyage. Je l'ai fait sur tous, cela n'a fonctionné sur aucun, et je vais vous décrire plus précisément le cas de l'un d'entre eux (mais ils se ressemblent) : j'ai arrêté les services serveur et gestionnaire de tâches, lancé moult utilitaires de désinfection (Kaspersky, norton, avira, malawarebytes', utilitaire de Microsoft contre les logiciels malveillants, j'en passe et des meilleurs), fait les mises à jour recommandées pour Windows 2000. Plus aucun utilitaire ne trouve rien, et pourtant, mes tâches se créent toutes seules...

Est-ce que l'un d'entre vous aurait une idée de ce que je dois faire ?

Merci par avance et bonne journée à tous !



Configuration: Windows XP / Firefox 8.0

Utilisateur anonyme · Answer

bonjour  

On va regarder de plus près 

 * Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau. 
* Fais un double-clic sur l'icône d'OTL pour le lancer 

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur" 

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement. 
* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée. 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation" 

NetSvcs 
%SYSTEMDRIVE%\*.exe 
%ALLUSERSPROFILE%\Application Data\*. 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%appdata%\*.exe /s 
%APPDATA%\*. 
%systemroot%\*. /mp /s 
%systemroot%\system32\*.dll /lockedfiles 
%systemroot%\Tasks\*.job /lockedfiles 
 

* Cliques sur l'icône "Analyse" (en haut à gauche) . 

* Laisse le scan aller à son terme sans te servir du PC 

* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas). 

* Copie et colle le ou les rapports dans ta réponse stp... 

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés 




Formateur HF :)

infomag · Answer

Merci !!!! Voici le copié/collé des fichiers : OTL.txt OOTL logfile created on: 15/11/2011 10:35:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\A_3.XXX\Bureau Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 509,99 Mb Total Physical Memory | 85,75 Mb Available Physical Memory | 16,81% Memory free 861,64 Mb Paging File | 453,98 Mb Available in Paging File | 52,69% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37,19 Gb Total Space | 21,73 Gb Free Space | 58,42% Space Free | Partition Type: FAT32 Drive E: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Drive F: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Drive G: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Drive H: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Computer Name: CAISSE3 | User Name: A_3 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\A_3.XXX\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe (Kaspersky Lab) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\Up2Date.exe (Kaspersky Lab) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\KWSProd.exe (Kaspersky Lab) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe (Kaspersky Lab) PRC - C:\WINNT\SYSTEM32\mstask.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc) PRC - C:\WINNT\EXPLORER.EXE (Microsoft Corporation) PRC - C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE (Microsoft Corporation) PRC - C:\WINNT\SYSTEM32\REGSVC.EXE (Microsoft Corporation) PRC - C:\WINNT\SYSTEM32\INTERNAT.EXE (Microsoft Corporation) PRC - C:\WINNT\SYSTEM32\hidserv.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\WINNT\SYSTEM32\SamMonNT.dll () MOD - C:\WINNT\SYSTEM32\HPBHEALR.DLL () MOD - C:\WINNT\SYSTEM32\NavLogon.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (bgijc) -- File not found SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (klnagent) -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe (Kaspersky Lab) SRV - (KLBLMain) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe (Kaspersky Lab) SRV - (Schedule) -- C:\WINNT\SYSTEM32\mstask.exe (Microsoft Corporation) SRV - (Iap) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc) SRV - (WinMgmt) -- C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE (Microsoft Corporation) SRV - (dmadmin) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.) SRV - (Fax) -- C:\WINNT\SYSTEM32\FAXSVC.EXE (Microsoft Corporation) SRV - (RemoteRegistry) -- C:\WINNT\SYSTEM32\REGSVC.EXE (Microsoft Corporation) SRV - (UtilMan) -- C:\WINNT\SYSTEM32\UTILMAN.EXE (Microsoft Corporation) SRV - (HidServ) -- C:\WINNT\SYSTEM32\hidserv.exe (Microsoft Corporation) SRV - (NMSSvc) Intel(R) -- C:\WINNT\SYSTEM32\NMSSvc.Exe (Intel Corporation) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (LMIRfsClientNP) -- C:\WINNT\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\WINNT\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (TSP) -- C:\WINNT\SYSTEM32\DRIVERS\klif.sys (Kaspersky Labs) DRV - (Klif) -- C:\WINNT\SYSTEM32\DRIVERS\klif.sys (Kaspersky Labs) DRV - (Klmc) -- C:\WINNT\system32\Drivers\klmc.sys (Kaspersky Lab) DRV - (omci) -- C:\WINNT\SYSTEM32\DRIVERS\omci.sys (Dell Inc) DRV - (DgiVecp) -- C:\WINNT\SYSTEM32\DRIVERS\DGIVECP.SYS (DeviceGuys, Inc.) DRV - (dmboot) -- C:\WINNT\SYSTEM32\DRIVERS\DMBOOT.SYS (VERITAS Software Corp.) DRV - (dmio) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.) DRV - (Parallel) -- C:\WINNT\SYSTEM32\DRIVERS\PARALLEL.SYS (Microsoft Corporation) DRV - (EFS) -- C:\WINNT\System32\drivers\EFS.SYS (Microsoft Corporation) DRV - (RCA) -- C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS (Microsoft Corporation) DRV - (NetDetect) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation) DRV - (Diskperf) -- C:\WINNT\System32\drivers\DISKPERF.SYS (Microsoft Corporation) DRV - (dmload) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.) DRV - (uhcd) -- C:\WINNT\SYSTEM32\DRIVERS\uhcd.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINNT\SYSTEM32\DRIVERS\mpe.sys (Microsoft Corporation) DRV - (E100B) Intel(R) -- C:\WINNT\SYSTEM32\DRIVERS\e100bnt5.sys (Intel Corporation) DRV - (NMSCFG) -- C:\WINNT\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation) DRV - (PlatAlrt) -- C:\WINNT\SYSTEM32\DRIVERS\platalrt.sys (Intel Corporation) DRV - (NetAlrt) -- C:\WINNT\SYSTEM32\DRIVERS\Netalrt.sys (Intel Corporation) DRV - (usbhub20) -- C:\WINNT\SYSTEM32\DRIVERS\usbhub20.sys (Microsoft Corporation) DRV - (mraid2k) -- C:\WINNT\system32\DRIVERS\mraid2k.sys (American Megatrends, Inc.) DRV - (fasttrak) -- C:\WINNT\system32\DRIVERS\fasttrak.sys (Promise Technology, Inc.) DRV - (nv4) -- C:\WINNT\SYSTEM32\DRIVERS\NV4.SYS (NVIDIA Corporation) DRV - (EL90BC) -- C:\WINNT\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation) DRV - (Fd16_700) -- C:\WINNT\system32\DRIVERS\fd16_700.sys (Microsoft Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.1:80 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7.5\Extensions\Components: C:\Program Files\mozilla.org\Mozilla\Components [2005/03/17 16:37:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7.5\Extensions\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2005/03/17 16:37:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\Components: C:\Program Files\Mozilla Firefox\components [2005/08/30 16:02:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2005/08/30 16:02:56 | 000,000,000 | ---D | M] [2010/04/14 20:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Extensions [2004/08/27 13:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions [2010/12/11 19:31:56 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2005/03/17 16:22:24 | 000,000,000 | ---D | M] (DownloadStudio Integration) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{0851d9cd-87db-4a0d-a792-097dc9071486} [2005/03/16 17:12:44 | 000,000,000 | ---D | M] (Tabbrowser Extensions) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{0B0B0DA8-08BA-4bc6-987C-6BC9F4D8A81E} [2006/10/24 16:13:18 | 000,000,000 | ---D | M] (easyGestures) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{11F9F076-72B3-4586-995D-5042CF5D3AD4} [2005/03/16 17:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe6b} [2010/12/11 19:31:50 | 000,000,000 | ---D | M] ("LittleFox") -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3} [2004/10/20 17:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509} [2004/10/20 17:16:54 | 000,000,000 | ---D | M] ("Print It!") -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{349ce370-12e8-11d9-9669-0800200c9a66} [2010/12/11 19:31:52 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{36C13C8F-54F1-412e-8177-2E411719162D} [2004/10/20 16:40:36 | 000,000,000 | ---D | M] (GrayModern) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{463ddc2c-1059-4a76-88bc-fa3b0abe6d8c} [2004/10/20 17:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2004/08/27 13:59:18 | 000,000,000 | ---D | M] (Plastikfox Crystal SVG) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{4674e8a2-eb7e-4822-b517-b18328b3e8e8} [2005/03/16 16:21:26 | 000,000,000 | ---D | M] (CuteMenus) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{63df8e21-711c-4074-a257-b065cadc28d7} [2005/03/16 15:46:02 | 000,000,000 | ---D | M] (Perennial) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{7cf1c3ae-a6b0-46af-b761-979a59974f59} [2005/03/16 16:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{840F5BF5-ABD6-43d1-8050-757F0A914143} [2005/03/17 16:22:22 | 000,000,000 | ---D | M] (DerBrowserTimer) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{853fc383-15d3-4f29-a104-53c603a10373} [2004/10/20 17:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{8e117890-a33f-424b-a2ea-deb272731365} [2010/12/11 19:31:50 | 000,000,000 | ---D | M] (Charamel) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{961408A3-C970-4577-970A-D97C29839A67} [2004/08/27 14:00:36 | 000,000,000 | ---D | M] (Lila) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{9957f6c1-021d-4cbf-9462-26a0c1921fe4} [2010/12/11 19:31:52 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2008/10/23 21:54:02 | 000,000,000 | ---D | M] (Noia 2.0 (lite)) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{a0f7b384-a625-4ba8-82cb-e33d6d2fd021} [2005/03/16 15:45:40 | 000,000,000 | ---D | M] (Longhorn Alternative) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{b1b89bad-b882-44e7-8feb-9bf71c87b305} [2004/10/20 17:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{BA8E053E-2867-4772-B9F0-26A5979AFA09} [2008/10/23 21:54:32 | 000,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9} [2005/03/16 15:45:50 | 000,000,000 | ---D | M] (Neptune) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{caad6bbc-ef9d-4b9b-9a57-b1068687b0a7} [2004/10/20 17:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} [2011/07/13 15:57:30 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2008/10/23 21:54:30 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2005/03/16 15:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\cardgames [2005/03/16 16:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\ertool [2005/03/16 16:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\minesweeper [2010/12/11 19:31:58 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\noia2_option@kk.noia [2010/12/11 19:31:58 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\silvermelxt@pardal.de [2004/10/20 16:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\temp [2005/03/16 17:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\tabextensions [2005/03/16 17:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\chrome\overlayinfo\tabextensions [2005/03/16 17:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\chrome\overlayinfo\tabextensions\content [2005/03/16 16:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Firefox\Profiles\default.sbm\extensions\{840F5BF5-ABD6-43d1-8050-757F0A914143}\chrome\filer\content\filer\extension [2005/03/17 16:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Profiles\default\fwkc2yf2.slt\extensions [2005/03/17 16:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Profiles\default\fwkc2yf2.slt\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2005/03/17 18:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Profiles\default\fwkc2yf2.slt\tabextensions [2005/03/17 18:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Profiles\default\fwkc2yf2.slt\chrome\overlayinfo\tabextensions [2005/03/17 18:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla\Profiles\default\fwkc2yf2.slt\chrome\overlayinfo\tabextensions\content [2005/08/30 16:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/06/12 17:03:24 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml [2011/09/14 16:57:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2011/09/14 16:57:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2011/09/14 16:57:12 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2011/09/14 16:57:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2011/09/14 16:57:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2003/06/23 07:00:00 | 000,000,790 | ---- | M]) - C:\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx (Microsoft Corporation) O4 - HKLM..\Run: [KAV50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe (Kaspersky Lab) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [internat.exe] C:\WINNT\System32\INTERNAT.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar2.dll (Google Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Pages liées - c:\program files\google\GoogleToolbar2.dll (Google Inc.) O8 - Extra context menu item: Pages similaires - c:\program files\google\GoogleToolbar2.dll (Google Inc.) O8 - Extra context menu item: Recherche &Google - c:\program files\google\GoogleToolbar2.dll (Google Inc.) O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\SYSTEM32\RNR20.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} file://C:\Documents and Settings\A_3\Local Settings\Temp\Friendtmp.xms (Reg Error: Key error.) O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} https://www.trendmicro.com/en_us/forHome/products/housecall.html (HouseCall Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/msnmessengersetupdownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} https://www.oracle.com/java/technologies/ (Java Plug-in 1.4.2_05) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.13 192.168.1.1 192.168.1.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXX.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{924A33A3-3413-4235-86DD-41BADA909EF7}: DhcpNameServer = 192.168.1.13 192.168.1.1 192.168.1.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{924A33A3-3413-4235-86DD-41BADA909EF7}: NameServer = 192.168.1.7 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\SYSTEM32\msdxm.ocx (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream - No CLSID value found O18 - Protocol\Filter\application/x-complus - No CLSID value found O18 - Protocol\Filter\application/x-msdownload - No CLSID value found O18 - Protocol\Filter\Class Install Handler - No CLSID value found O18 - Protocol\Filter\deflate - No CLSID value found O18 - Protocol\Filter\gzip - No CLSID value found O18 - Protocol\Filter\lzdhtml - No CLSID value found O18 - Protocol\Filter\text/webviewhtml - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.Exe) -C:\WINNT\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\SYSTEM32\USERINIT.EXE (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINNT\system32\NavLogon.dll) - C:\WINNT\SYSTEM32\NavLogon.dll () O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\WZCDLG.DLL (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\A_3.XXX\Mes documents\Mes images\3New-York-Reflection-3.jpg O24 - Desktop BackupWallPaper: C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk F:\ O32 - Unable to obtain root file information for disk H:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: Ias - C:\WINNT\System32\IAS.MSC () NetSvcs: Iprip - File not found NetSvcs: Nwsapagent - File not found NetSvcs: pqupfofo - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/11/15 10:34:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A_3.XXX\Bureau\OTL.exe [2011/11/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A_3.XXX\Bureau\backups [2011/11/14 15:31:36 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\A_3.XXX\Bureau\HijackThis.exe [2011/11/10 15:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It! [2011/11/10 15:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Exterminate It! [2011/11/10 11:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A_3.XXX\Menu Démarrer\Programmes\Sophos [2011/11/10 11:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2011/11/08 10:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2005/10/31 10:46:14 | 000,061,440 | ---- | C] ( ) -- C:\WINNT\System32\serialport.dll [2005/09/19 12:05:05 | 000,122,880 | ---- | C] ( ) -- C:\WINNT\System32\icsharpcode.sharpziplib.dll [2004/10/18 12:03:33 | 000,045,056 | R--- | C] ( ) -- C:\WINNT\System32\satori.data.mysql.dll [2004/07/08 13:12:33 | 000,057,344 | ---- | C] ( ) -- C:\WINNT\System32\interop.ebcryptlib.dll [5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] [4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/11/15 10:32:44 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_458.dat [2011/11/15 10:14:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A_3.XXX\Bureau\OTL.exe [2011/11/15 09:26:56 | 000,834,794 | -H-- | M] () -- C:\WINNT\ShellIconCache [2011/11/15 09:25:40 | 000,022,303 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Mes documents\cc_20111115_0925.reg [2011/11/14 15:03:44 | 000,001,403 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/11/11 20:35:48 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk [2011/11/11 15:17:42 | 000,005,064 | ---- | M] () -- C:\WINNT\Sat_Spec.ini [2011/11/11 14:50:02 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Bureau\Mozilla Firefox.lnk [2011/11/11 14:36:44 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk [2011/11/10 11:13:30 | 003,920,384 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Bureau\conficker-removal-tool.msi [2011/11/10 10:13:04 | 000,001,447 | ---- | M] () -- C:\WINNT\imsins.BAK [2011/11/07 14:01:12 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_978.dat [2011/11/03 12:18:30 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Bureau\NINE.lnk [2011/11/02 11:47:46 | 000,148,400 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2011/10/21 18:39:00 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Bureau\winlines.res [2011/10/20 20:08:26 | 000,002,522 | ---- | M] () -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] [4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/11/15 10:32:43 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_458.dat [2011/11/15 09:25:35 | 000,022,303 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Mes documents\cc_20111115_0925.reg [2011/11/10 11:13:22 | 003,920,384 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Bureau\conficker-removal-tool.msi [2011/11/07 14:01:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_978.dat [2011/10/14 14:12:14 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat [2011/10/04 11:50:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat [2011/09/29 12:06:07 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_59c.dat [2011/09/24 11:39:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat [2011/09/23 11:58:42 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_204.dat [2011/09/20 11:23:40 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5a4.dat [2011/09/14 12:01:21 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_614.dat [2011/09/08 19:20:32 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f0.dat [2011/08/30 11:58:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_588.dat [2011/07/26 14:54:17 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5e8.dat [2011/07/25 15:49:38 | 000,179,968 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Local Settings\Application Data\census.cache [2011/07/25 15:49:29 | 000,174,004 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Local Settings\Application Data\ars.cache [2011/07/25 09:20:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat [2011/07/25 09:17:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_758.dat [2011/07/12 14:48:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Local Settings\Application Data\housecall.guid.cache [2011/07/11 09:37:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_73c.dat [2011/07/08 12:18:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_238.dat [2011/07/07 11:31:45 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2fc.dat [2011/07/06 11:46:29 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat [2011/06/24 11:39:37 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_640.dat [2011/06/22 19:18:02 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat [2011/06/22 11:21:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f0.dat [2011/06/21 11:36:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7ac.dat [2011/06/17 11:39:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_23c.dat [2010/12/11 11:37:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_648.dat [2010/10/01 11:10:14 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_64c.dat [2010/09/30 11:03:27 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5fc.dat [2010/07/02 11:19:07 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_254.dat [2009/09/22 20:28:46 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b8.dat [2008/05/26 10:48:13 | 000,002,680 | ---- | C] () -- C:\WINNT\System32\satori.common.tlb [2008/03/08 15:17:33 | 001,118,208 | ---- | C] () -- C:\WINNT\System32\wmpui.dll [2008/03/08 15:17:33 | 000,819,200 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll [2008/03/08 15:17:33 | 000,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll [2008/03/08 15:17:33 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll [2008/03/08 15:17:30 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll [2007/11/22 14:30:58 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\P3150PCL.DLL [2007/11/22 14:30:58 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\SECADMIN.EXE [2007/11/22 14:30:46 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\SamMonNT.dll [2007/08/10 20:11:07 | 000,071,749 | ---- | C] () -- C:\WINNT\hcextoutput.dll [2007/08/10 20:11:07 | 000,000,823 | ---- | C] () -- C:\WINNT\tsc.ini [2007/08/10 20:10:02 | 000,000,170 | ---- | C] () -- C:\WINNT\GetServer.ini [2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINNT\System32\ractrlkeyhook.dll [2007/01/23 16:54:20 | 000,000,000 | ---- | C] () -- C:\WINNT\HPMProp.INI [2007/01/23 16:53:47 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL [2006/01/24 20:08:29 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll [2005/11/23 06:00:00 | 000,778,240 | ---- | C] () -- C:\WINNT\System32\DivXsm.exe [2005/11/02 12:03:05 | 000,157,696 | ---- | C] () -- C:\WINNT\System32\unrar.dll [2005/09/06 14:39:11 | 000,000,128 | ---- | C] () -- C:\WINNT\Rb20upd.dat [2005/09/06 14:38:58 | 000,129,024 | ---- | C] () -- C:\WINNT\UNWISE.EXE [2005/08/24 13:08:04 | 000,099,970 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe [2005/08/12 23:57:09 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll [2005/08/05 20:00:56 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/08/05 20:00:56 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Local Settings\Application Data\fusioncache.dat [2005/08/05 18:04:53 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Application Data\sversion.ini [2005/08/05 18:04:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\A_3.XXX\Application Data\dm.ini [2005/05/21 14:31:31 | 000,000,200 | ---- | C] () -- C:\WINNT\AUDC50UI.dat [2005/05/12 16:05:56 | 000,007,043 | ---- | C] () -- C:\WINNT\cdplayer.ini [2005/04/08 15:07:15 | 000,000,104 | ---- | C] () -- C:\WINNT\EXCHESS.INI [2005/03/17 16:38:04 | 000,099,024 | ---- | C] () -- C:\WINNT\MozillaUninstall.exe [2005/03/17 16:37:52 | 000,098,512 | ---- | C] () -- C:\WINNT\GREUninstall.exe [2005/03/17 15:31:01 | 000,000,335 | ---- | C] () -- C:\WINNT\mozregistry.dat [2005/02/12 16:50:54 | 000,069,632 | ---- | C] () -- C:\WINNT\uinst001.exe [2005/01/10 17:57:23 | 000,000,040 | ---- | C] () -- C:\WINNT\opt_1430.ini [2005/01/10 17:57:15 | 000,000,472 | ---- | C] () -- C:\WINNT\BRWMARK.INI [2005/01/10 17:57:15 | 000,000,026 | ---- | C] () -- C:\WINNT\BRPP2KA.INI [2004/10/20 17:42:15 | 000,110,704 | ---- | C] () -- C:\WINNT\UninstallThunderbird.exe [2004/10/18 12:03:33 | 000,122,880 | ---- | C] () -- C:\WINNT\System32\satori.vb6.dll [2004/10/18 12:03:33 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\satori.vb6.directx.dll [2004/09/29 13:19:23 | 000,001,125 | ---- | C] () -- C:\WINNT\winamp.ini [2004/08/27 13:54:08 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat [2004/08/27 13:53:42 | 000,026,119 | ---- | C] () -- C:\WINNT\mozver.dat [2004/07/15 17:53:46 | 000,000,612 | ---- | C] () -- C:\WINNT\System32\msvr.dll [2004/07/08 14:07:21 | 001,290,240 | ---- | C] () -- C:\WINNT\System32\libmysql.dll [2004/06/25 15:28:22 | 000,614,400 | ---- | C] () -- C:\WINNT\System32\plandirectx.dll [2004/06/17 17:05:31 | 000,000,171 | ---- | C] () -- C:\WINNT\hpbafd.ini [2004/06/17 16:54:25 | 000,002,143 | ---- | C] () -- C:\WINNT\FONTSMRT.INI [2004/06/17 16:54:25 | 000,001,055 | ---- | C] () -- C:\WINNT\PRNTNAME.INI [2004/06/04 18:05:21 | 000,005,064 | ---- | C] () -- C:\WINNT\Sat_Spec.ini [2004/06/04 18:05:13 | 000,225,280 | R--- | C] () -- C:\WINNT\System32\GLUT32.DLL [2004/05/19 13:12:14 | 000,001,256 | ---- | C] () -- C:\WINNT\ODBC.INI [2004/05/12 19:24:10 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINNT\aucfg.ini [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINNT\tmupdate.ini [2002/05/07 16:06:36 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\platmsg.dll [2002/05/07 16:06:16 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\netamsg.dll [2002/04/16 16:57:28 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\aolninst.dll [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll [2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\PROInst.dll [2002/01/18 16:07:32 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\NavLogon.dll [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINNT\patchw32.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINNT\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINNT\AuHCcup1.dll [1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\MLANG.DAT [1980/01/01 00:00:00 | 000,454,862 | ---- | C] () -- C:\WINNT\System32\perfh00C.dat [1980/01/01 00:00:00 | 000,389,838 | ---- | C] () -- C:\WINNT\System32\PERFH009.DAT [1980/01/01 00:00:00 | 000,323,920 | ---- | C] () -- C:\WINNT\System32\perfi00C.dat [1980/01/01 00:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\PERFI009.DAT [1980/01/01 00:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\DSSEC.DAT [1980/01/01 00:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\QCUT.DLL [1980/01/01 00:00:00 | 000,148,400 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT [1980/01/01 00:00:00 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\LVCAM.SYS [1980/01/01 00:00:00 | 000,072,164 | ---- | C] () -- C:\WINNT\System32\perfc00C.dat [1980/01/01 00:00:00 | 000,060,388 | ---- | C] () -- C:\WINNT\System32\PERFC009.DAT [1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\MIB.BIN [1980/01/01 00:00:00 | 000,034,576 | ---- | C] () -- C:\WINNT\System32\EFSADU.DLL [1980/01/01 00:00:00 | 000,033,462 | ---- | C] () -- C:\WINNT\System32\perfd00C.dat [1980/01/01 00:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\PERFD009.DAT [1980/01/01 00:00:00 | 000,022,115 | -H-- | C] () -- C:\Program Files\FOLDER.HTT [1980/01/01 00:00:00 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\LVSOUND.SYS [1980/01/01 00:00:00 | 000,015,204 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat [1980/01/01 00:00:00 | 000,013,604 | ---- | C] () -- C:\WINNT\System32\IASPERF.INI [1980/01/01 00:00:00 | 000,004,591 | ---- | C] () -- C:\WINNT\ODBCINST.INI [1980/01/01 00:00:00 | 000,003,134 | ---- | C] () -- C:\WINNT\System32\FAXPERF.INI [1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\NOISE.DAT [1980/01/01 00:00:00 | 000,000,573 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI [1980/01/01 00:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\WELCOME.INI [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2004/05/12 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2004/05/19 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2004/11/26 21:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2005/05/28 14:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2005/09/06 14:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software [2006/05/02 16:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2009/05/04 12:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/07/13 17:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/07/25 17:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/07/25 17:12:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/07/25 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7 [2011/07/25 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2011/07/26 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011/11/08 10:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2006/05/02 18:14:14 | 000,612,382 | ---- | M] (Kaspersky Antivirus ) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Workstations\5.0\Patches\patch_all_wks_5.0.225[7]_to_228.exe [2011/11/10 11:20:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [color=#A23BEC]< %appdata%\*.exe /s >[/color] [2009/03/13 23:19:36 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\A_3.XXX\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2008/11/25 21:09:56 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\A_3.XXX\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011/11/10 11:13:54 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe [2011/11/10 11:13:56 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe [2011/11/10 11:13:56 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe [color=#A23BEC]< %APPDATA%\*. >[/color] [2004/05/12 19:20:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Microsoft [2004/05/19 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Identities [2005/05/12 15:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Real [2005/05/28 14:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\AdobeUM [2005/05/21 14:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Seven Zip [2005/03/17 16:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\OpenOffice.org1.9.79 [2004/10/20 17:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Thunderbird [2004/08/27 13:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Talkback [2004/08/27 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Mozilla [2004/07/15 10:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Sun [2004/07/13 16:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Help [2004/07/02 18:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Adobe [2004/07/01 17:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Macromedia [2005/11/03 16:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\AdobeAUM [2006/05/02 16:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Propellerhead Software [2007/01/16 18:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\4D [2009/01/13 17:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Leadertech [2011/07/13 17:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\Malwarebytes [2011/07/25 17:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A_3.XXX\Application Data\AVG7 [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [5 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report > Extra.txt OTL Extras logfile created on: 15/11/2011 10:35:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\A_3.XXX\Bureau Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 509,99 Mb Total Physical Memory | 85,75 Mb Available Physical Memory | 16,81% Memory free 861,64 Mb Paging File | 453,98 Mb Available in Paging File | 52,69% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37,19 Gb Total Space | 21,73 Gb Free Space | 58,42% Space Free | Partition Type: FAT32 Drive E: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Drive F: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Drive G: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Drive H: | 930,50 Gb Total Space | 517,14 Gb Free Space | 55,58% Space Free | Partition Type: NTFS Computer Name: CAISSE3 | User Name: A_3 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- %1 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0003040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Edition Découverte "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0) "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Guide de l'utilisateur "{66B4F24C-BE5D-423A-B56B-4013481F6801}" = Intel® Pro Alerting Agent, Version 3.2.0 "{6F716DA0-398F-11D3-85E1-005004838609}" = WebFldrs "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05 "{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}" = Kaspersky Network Agent "{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90467142-F6B5-48B5-9A46-AFE61C4598CA}" = Kaspersky Anti-Virus for Workstation "{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{AC76BA86-7AD7-1036-7B44-A00000000001}" = Adobe Reader 6.0.1 - Français "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AdobeESD" = Adobe Download Manager 1.2 (Supprimer uniquement) "CCleaner" = CCleaner (remove only) "Exterminate It!" = Exterminate It! "FriendTool" = Outil de suppression Q9378B17 "HijackThis" = HijackThis 1.99.1 "HP LaserJet 5000 Printing System" = HP LaserJet 5000 Printing System "IE40" = Microsoft Internet Explorer 6 SP1 "InstallShield_{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}" = Kaspersky Network Agent "InstallShield_{90467142-F6B5-48B5-9A46-AFE61C4598CA}" = Kaspersky Anti-Virus 5.0 for Windows Workstations "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla (1.7.5) (fr)" = Mozilla (1.7.5) (fr) "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24) "Mozilla Thunderbird (0.8)" = Mozilla Thunderbird (0.8) "Msvri" = MSVRI Ref:152365234 "Picasa 3" = Picasa 3 "PowerArchiver_is1" = PowerArchiver 2006 v9.63 "PROSet" = Intel(R) PRO Ethernet Adapter and Software "Q828026" = Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer "Update Rollup 1" = Correctif cumulatif 1 pour Windows 2000 SP4 "Winamp" = Winamp (remove only) "WinVNC_is1" = VNC 3.3.7 "WMP7" = Lecteur Windows Media 7.1 "Xerox Phaser 3150 PCL 6" = Xerox Phaser 3150 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ System Events ] Error - 11/11/2011 09:57:38 | Computer Name = CAISSE3 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 14/11/2011 10:00:06 | Computer Name = CAISSE3 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv avec l

Utilisateur anonyme · Answer

OK combien a tu d'antivirus sur le pc ? le problème avec les pc Windows 2000 c'est que peux d'outil passe 
la deuxième question a quoi sert le PC car le nom du domain me parait bizarre je regarde plus en détail

infomag · Answer

Au départ je n'avais que Kaspersky, et vu qu'il ne me résolvait pas mon problème, j'ai du en installer un autre, et je ne sais plus si je l'ai désinstallé ou pas ; je peux aller vérifier si besoin.
J'ai effectivement remplacé notre nom de domaine par "XXX", pour rester anonyme ;-). Le PC sert à de la bureautique.

Merci !!!!

Utilisateur anonyme · Answer

ok mais la prochaine fois mais des A ou B cela évitera de faire des erreurs 

Bon alors supprime les traces de norton 

ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

ensuite celui desinstalle  antivir

pour savoir si tu est infecter par conficker utilise ceci 

clic sur ce lien si tout s'affiche c'est ok pas de ver tu me le dira dans ta prochaine réponse

http://consultaide.e-monsite.com/rubrique,conficker-simples-tests,355935.html

infomag · Answer

Alors :
- j'ai supprimé les traces de Norton avec l'outil indiqué,
- je n'ai pas supprimé Antivir car il l'était déjà,
- j'ai cliqué sur le lien indiqué après avoir désactivé le proxy, et j'ai vu toutes les images.

Tout laisse croire que je ne suis plus infectée, mais des tâches atxx se créent par dizaine tous les jours à l'insu de mon plein gré !!!!

Merci pour ton aide !!!!

Utilisateur anonyme · Answer

Re 

ok mais avira est toujours la  
C:\Documents and Settings\All Users\Application Data\Avira  

ceci desintalle aussi il ne sert a rien  

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 

fait ceci STP  le problème tu a un vieux système donc il faut y aller avec des pincettes sous peine de le planter  

Scan en ligne avec -> https://www.eset.com/ 

_->Cliquez sur le bouton vert Eset Online Scanner 
_->Accepter les conditions d'utilisation, pour cela, cochez la case « Oui, j'accepte les termes du contrat de licence » 
_->Cliquez ensuite sur le bouton Start 
_->Acceptez l'installation de l'ActiveX NOD32 
_->Le téléchargement des définitions virales s'effectuent, cela peut prendre du temps selon la vitesse de connexion. 
_->Cocher la case "Supprimer les menaces détectées" 
_->Clique sur le bouton Démarrer pour lancer le scan 
_->Le scan du PC se lance, les menaces détectées apparaissent dans la liste en dessous de la barre de progression. 
_->Laissez l'analyse s'effectuer entièrement 
_->Cliquer sur le bouton « liste des menaces » permettant d'exporter la liste dans un fichier texte 
_->Enregistrer celui-ci sur votre bureau par exemple 

Formateur HF :)

infomag · Answer

OK super, merci infiniment !
Je continuerai jeudi.

Merci encore !

infomag · Answer

Donc, j'ai supprimé les deux répertoires, celui d'Avira et celui de Spypot.

J'ai scanné avec nod32 une première fois, il m'a trouvé 3 infections :
_________________________
C:\WINNT\SYSTEM32\FRANCAIS.dll	Win32/VB.NZS trojan	cleaned by deleting - quarantined
C:\Recycled\Dc637.exe	a variant of Win32/SoftonicDownloader.A application	cleaned by deleting - quarantined
C:\Recycled\Dc642.exe	a variant of Win32/SoftonicDownloader.A application	cleaned by deleting - quarantined
_________________________

Je me suis dit "yesssss !", ai presque crié Victoire, mais la sagesse (et l'expérience) m'ont conseillée d'attendre un peu ; j'ai laissé passer 2 jours d'utilisation, suis revenue contrôler hier... et j'avais encore des tâches ATxx qui avaient été crées à l'insu de mon plein gré...

J'ai relancé un scan avec nod32, qui n'a rien trouvé...

Qu'est-ce que je peux faire d'autre ?

Merci !!!

infomag · Answer

Personne n'aurait une petite idée ?

Merciiiiiiiiiiiii !!

Utilisateur anonyme · Answer

Hello 

désoler du retard j'ai des petits soucis :) 

on va essayer ceci  

 Télécharges USBFIX (créé par El Desaparecido & C_XX) et enregistres-le sur ton bureau 

    tutoriel recherche 
    :!:  Ne fais pas la suppression tant que je ne te l'ai pas demandé  :!: 
 

    Double-cliques sur UsbFix présent sur ton bureau, l'installation se fera automatiquement 

  Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir 
 
   Clique sur le bouton Recherche 
  Laisses travailler l'outil 
   Ensuite postes le rapport UsbFix.txt qui apparaîtra 

   Note : le rapport UsbFix.txt est sauvegardé à la racine du disque 


Formateur HF :)

infomag · Answer

Bonjour,
Désolée du retard (c'est peu dire !!).
Voilà le rapport usbfix, tout nouveau tout beau (enfin non, plein d'infections, en fait :-().

-------------------------------------------
############################## | UsbFix V 7.078 | [Recherche]

Utilisateur: AMAND_3 (Administrateur) # CAISSE3
Mis à jour le 06/01/2012 par El Desaparecido
Lancé à 14:47:28 | 07/02/2012

Site Web: https://www.sosvirus.net/
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: Dell Computer Corporation (OptiPlex GX60                ) (X86-based PC) # Desktop Computer
CPU:                 Intel(R) Celeron(R) CPU 2.40GHz (2391)
RAM -> [ Total : 510 | Free : 277 ]
BIOS: Default System BIOS
BOOT: Normal

OS: Microsoft Windows 2000 Professionnel (5.0.2195 32-Bit) # Service Pack 4
WB: Windows Internet Explorer 6.0.2800.1106

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ (!) Disabled ]
FW: Windows FireWall Service [ (!) Disabled ]

C:\ (%systemdrive%) -> Disque fixe # 37 Go (22 Go libre(s) - 59%) [] # FAT32
D:\ -> CD-ROM

################## | Processus Actif |

C:\WINNT\System32\smss.exe (144)
C:\WINNT\system32\winlogon.exe (164)
C:\WINNT\system32\services.exe (216)
C:\WINNT\system32\lsass.exe (228)
C:\WINNT\system32\svchost.exe (400)
C:\WINNT\system32\spoolsv.exe (428)
C:\WINNT\system32\svchost.exe (524)
C:\WINNT\system32\hidserv.exe (540)
C:\Program Files\Dell\OpenManage\Client\Iap.exe (572)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe (600)
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (620)
C:\Program Files\LogMeIn\x86\RaMaint.exe (728)
C:\Program Files\LogMeIn\x86\LogMeIn.exe (752)
C:\WINNT\System32\svchost.exe (836)
C:\WINNT\system32egsvc.exe (856)
C:\WINNT\system32\MSTask.exe (872)
C:\WINNT\system32\mspmspsv.exe (916)
C:\Program Files\Intel\ASF Agent\ASFAgent.exe (948)
C:\WINNT\System32\WBEM\WinMgmt.exe (884)
C:\WINNT\system32undll32.exe (772)
C:\WINNT\system32undll32.exe (720)
C:\WINNT\Explorer.EXE (1124)
C:\WINNT\system32\hkcmd.exe (640)
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (1192)
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe (1116)
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (672)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe (1568)
C:\WINNT\system32\internat.exe (1492)
C:\UsbFix\Go.exe (900)

################## | Éléments infectieux |

Présent! C:\WINNT\system32	emp
Présent! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Présent! H:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Présent! F:\autorun.inf
Présent! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Présent! H:\autorun.inf
Présent! H:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registre |


################## | Mountpoints2 |

-----------------------------------------------------------------

Qu'est-ce qu'il faut-y donc que je fasse ?

Merci par avance !!!!

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

infomag · Answer

euh... j'ai écrit au milieu du rapport, je ne sais pas ce qui s'est passé, désolée !!

Et merciiiiiiiiii !!

Tâche ATxx qui se créent toutes seules

13 réponses

Discussions similaires