|
 Posté le 15/08/2010 @ 23:58 |
Petite astucienne
| Allo
J'aimerais que vous m'aidiez à me débarasser d,un virus que j'ai dans mon portable, j'ai plein de fenêtres qui ouvrent et mon anti virus me dit que cest un cheval de troie..J'ai windows vista
Merci
sebdou |
|
|
|
|
|
Posté le 16/08/2010 à 00:13 |
Petite astucienne
|
voici mon rapport hijack
Merci sebdou
ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:29, on 2010-08-15
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\proprietaire\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\proprietaire\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDriver\PMHandler.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\PROPRI~1\AppData\Local\Temp\Ykp.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Outil de notification Live Search.lnk = proprietaire\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3363EF41-3989-40B0-B210-635512D72160}: NameServer = 93.188.163.183,93.188.166.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{68416413-A1F5-47E2-A19E-F470EE18D678}: NameServer = 93.188.163.183,93.188.166.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.183,93.188.166.183
O17 - HKLM\System\CS1\Services\Tcpip\..\{3363EF41-3989-40B0-B210-635512D72160}: NameServer = 93.188.163.183,93.188.166.183
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.183,93.188.166.183
O17 - HKLM\System\CS2\Services\Tcpip\..\{3363EF41-3989-40B0-B210-635512D72160}: NameServer = 93.188.163.183,93.188.166.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.183,93.188.166.183
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PMDriver\PMSveH.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Incrustation (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 23672 bytes |
|
Posté le 16/08/2010 à 06:03 |
 Maîtresse astucienne |  clique sur le triangle jaune et demande à te faire déplacer dans le forum sécurité, tu auras plus de chances !!!!!!!!!
|
|
Posté le 16/08/2010 à 20:21 |
| Salut,
On voit bien l'infection mais j'aime pas trop utiliser certains outils sur Vista donc fais ceci :
 Télécharge OTL sur ton Bureau
- Double-clique sur OTL.exe pour le lancer. (Pour Vista/7, clique-droit > Exécuter en tant qu'administrateur)
- Coche la case Tous les utilisateurs
- Sous le cadre Personnalisation, copie-colle le contenu suivant :
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
CREATERESTOREPOINT
- Clique ensuite sur Analyse puis patiente pendant qu'il effectue son scan.
- Quand l'analyse est terminée, deux fenêtres du Bloc-notes vont s'ouvrir. OTL.Txt et Extras.Txt. Ces fichiers sont sauvegardés au même endroit que OTL.
- Copie-colle le dans ta prochaine réponse.
Note : Si le rapport est trop long, héberge-le sur
http://cjoint.com |
|
Posté le 17/08/2010 à 04:19 |
Petite astucienne
| |
|
Posté le 17/08/2010 à 04:21 |
Petite astucienne
| Et voici pour extra OTL
OTL Extras logfile created on: 2010-08-16 18:47:21 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\proprietaire\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 51,98 Gb Free Space | 37,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9,77 Gb Total Space | 3,94 Gb Free Space | 40,40% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,65 Gb Free Space | 44,63% Space Free | Partition Type: NTFS
Computer Name: LYNDA
Current User Name: proprietaire
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-86015662-786674194-1776910773-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02772086-4C69-4420-86EA-3AC9F167C792}" = lport=139 | protocol=6 | dir=in | app=system |
"{16DA409D-2D9D-432C-ABC3-1A0913640EEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32807CCF-D470-4DD3-9B74-645DBF5AA8C8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45BFD3AA-C3F9-4DF9-AFF7-C1DC10B85CC3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{56B80706-B79E-4738-826A-F7941A6334B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{6436858A-7B30-4C94-9AA0-1BBC8E2A82A9}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A1AF82A-B81C-4B47-B441-A31F483790C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7927A4CC-1014-4C3E-A518-923BD184A306}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79D159C6-CD1E-44BC-ADAD-DA34ADEF6D29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B763D821-E2CD-4715-A04C-BDB28543B85E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9DAFB6B-FDC4-4834-84FB-D3CBAC8CBFB2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C63830FE-8128-43EE-9C0C-74387DBC1FA8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D3A296F1-233C-4ABD-9F14-B1E3109D2413}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3773DEE-80C3-41C6-9B83-69C36051DBB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EAB06571-8537-43F4-8C8B-8B8389F2BF4F}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED4093D3-0478-42D6-9B20-D97D5FAECD67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF05E921-ED23-444E-8C2F-7B4FD3E5C9E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EFE3E194-623A-4448-B3FA-BFDADCF64670}" = lport=445 | protocol=6 | dir=in | app=system |
"{F5364EB9-A36E-46BF-A81A-DB7FEAC411B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9110CCF-0AF7-4E74-A8A4-40EF498B1CEA}" = lport=2869 | protocol=6 | dir=in | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{254EA74A-5675-4B60-BFEC-EF0B78EF7ECA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3951CA61-7154-4739-BB19-5670E07159BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4DC7E413-AD4F-476D-8943-A12EBD7D5999}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{799073A4-A0DC-4103-975E-C4A74EC77F37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{79D7A5F2-47D4-4500-9ACF-D38A40E15807}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8640E8FA-616C-46B1-9191-99AD58688635}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8ACB8D2E-2949-4F11-82F5-B658F5C0C9CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94DF101D-1CF4-459A-B604-2BE49782B685}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A371425B-A6BE-454C-947B-66095B27B5B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B236C301-5244-44A0-9D9F-F7CE0501C540}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CAAD993D-550A-4D70-BD96-0C84D71D7445}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{DCD777EA-7F8C-4554-B8A0-25DF8A33B17B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E500700B-15F9-4833-BEA3-0C0239A8DF6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{8853AB6E-AE08-4035-B22B-74EDBD7AB1C2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DF71A80E-ED79-4616-B2F2-07A0EF5087DF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FF60E145-B949-4377-8EF7-33AD6183C076}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{4E37212C-4B70-48EC-8408-71A13E331758}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{5412BB33-1E02-40DB-B047-5E51F26169B8}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{D3A237D3-B42D-4669-9035-FF2C4D354225}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Supplément à Lenovo Care
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Gestionnaire de présentation
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75FF1600-6330-43FA-9022-E0835BF20778}" = Microsoft SQL Server VSS Writer
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}" = Microsoft SQL Server Native Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DVD Decrypter 3.5.4.0 Fr" = DVD Decrypter 3.5.4.0 Fr
"EasyCapture3.0" = EasyCapture
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Kyodai_is1" = Kyodai
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"mIRC" = mIRC
"OnScreenDisplay" = Incrustation
"PC-Doctor for Windows" = Lenovo System Toolbox
"Revo Uninstaller" = Revo Uninstaller 1.83
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-86015662-786674194-1776910773-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"Live Search" = Notification Live Search
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2010-08-16 00:00:20 | Computer Name = Lynda | Source = SPP | ID = 16387
Description =
Error - 2010-08-16 00:00:20 | Computer Name = Lynda | Source = System Restore | ID = 8193
Description =
Error - 2010-08-16 00:00:20 | Computer Name = Lynda | Source = System Restore | ID = 8210
Description =
Error - 2010-08-16 03:26:09 | Computer Name = Lynda | Source = Application Error | ID = 1000
Description = Application défaillante Ykp.exe, version 0.1.2.0, horodatage 0x4c5af888,
module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception
0xc0000005, décalage d’erreur 0x00000000, ID du processus 0x1654, heure de début
de l’application 0x01cb3d13bbb8bfa9.
Error - 2010-08-16 05:56:24 | Computer Name = Lynda | Source = Application Error | ID = 1000
Description = Application défaillante Ykp.exe, version 0.1.2.0, horodatage 0x4c5af888,
module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception
0xc0000005, décalage d’erreur 0x00000000, ID du processus 0x15e8, heure de début
de l’application 0x01cb3d26e65f8829.
Error - 2010-08-16 17:58:35 | Computer Name = Lynda | Source = Application Error | ID = 1000
Description = Application défaillante Ykp.exe, version 0.1.2.0, horodatage 0x4c5af888,
module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception
0xc0000005, décalage d’erreur 0x05cafbc2, ID du processus 0x15e0, heure de début
de l’application 0x01cb3d8bd171da29.
Error - 2010-08-16 18:43:06 | Computer Name = Lynda | Source = VSS | ID = 8194
Description =
Error - 2010-08-16 18:43:54 | Computer Name = Lynda | Source = SPP | ID = 16387
Description =
Error - 2010-08-16 18:43:54 | Computer Name = Lynda | Source = System Restore | ID = 8193
Description =
Error - 2010-08-16 18:48:41 | Computer Name = Lynda | Source = SPP | ID = 16387
Description =
[ System Events ]
Error - 2010-08-15 20:12:21 | Computer Name = Lynda | Source = Service Control Manager | ID = 7034
Description =
Error - 2010-08-15 20:14:32 | Computer Name = Lynda | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 2010-08-15 20:15:09 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:15:35 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:16:11 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:16:41 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:17:11 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:17:41 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:18:22 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
Error - 2010-08-15 20:18:52 | Computer Name = Lynda | Source = Service Control Manager | ID = 7011
Description =
< End of report > |
|
Posté le 17/08/2010 à 08:11 |
Equipe PC Astuces
| Bonjour,
Le sujet a été déplacé par la modération dans un forum plus adéquat.
Vous pouvez continuer la discussion à la suite.
A bientôt. |
|
Posté le 17/08/2010 à 09:32 |
| Salut,
Finalement CF sera plus efficace 
Télécharge ComboFix sur ton Bureau ( et pas ailleurs)
- Prends connaissance de ce tutoriel : Tutoriel ComboFix Bleeping Computer
- Désactive ton antivirus
- Ferme toutes les fenêtres
- Double-clique sur ComboFix.exe (Pour Vista/7, clique-droit > Exécuter en tant qu'administrateur)
- Clique sur Oui/YES pour accepter la limitation de garantie !
--> Si ComboFix te demande d'installer la console de récupération, accepte ( YES, puis OUI), c'est TRÈS IMPORTANT !
- Lance le scan (ne clique pas sur la fenêtre qui s'ouvre).
- A la fin du scan (cela peut prendre du temps), un rapport sera créé.
- Copie-colle ce rapport dans ton prochain message (C:\Combofix.txt)
|
|
Posté le 17/08/2010 à 23:44 |
Petite astucienne
| Allo
J'ai installé sur le bureau combofix.exe mais je ne suis pas capable d'aller plus loin car quand je clique dessus ca me demande d'autoriser ce programme et après plus rien..mon ordinateur s'arrête car mon écran devient bleu et me donne des choix de restauration. ex: mode sans echec...etc...
et depuis ce temps mon système ouvre et se ferme automatiquement sans que je fasse rien...
que dois-je faire?? |
|
Posté le 17/08/2010 à 23:50 |
| Hum..
Je te propose de créer un CD bootable qui permettra de faire démarrer le PC dans un environnement spécial et d'effectuer une analyse du PC.
Ensuite il sera possible, à partir de cet environnement spécial, de nettoyer et réparer le PC.
Je te conseille d'imprimer la procédure puisque tu vas démarrer à partir d'un CD spécial.
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la procédure.
À partir d'un PC sain,
Télécharge OTLPENet.exe sur ton Bureau
- Insère un CD vierge dans ton graveur.
- Double-clique sur le fichier OTLPENet.exe (Une fenêtre va s'ouvrir pour te demander si tu souhaites graver le CD, clique sur le bouton Oui.)
- Un fichier .iso inclus dans le téléchargement sera gravé sur le disque vierge. Il s'agit d'un ReatoGo bootable, nommé OTLPE, qui te permettra d'avoir accès à tes fichiers sur la machine qui ne démarre plus.
- Démarre la machine infectée et insère rapidement le disque gravé, afin que le démarrage se fasse via ce disque. Si ça ne fonctionne pas du premier coup, redémarre la machine avec le disque dans le lecteur à nouveau. Si ça ne fonctionne toujours pas, il faudra vérifier l'ordre du boot dans le BIOS et mettre le lecteur optique en premier.
- Si tout va bien, tu démarreras sur l'environnement OTLPE
- En fonction de ta connexion Internet, tu es en mesure d'accéder à ce sujet.
- Double-clique sur l'icône OTLPE qui se trouvera sur le Bureau.
>> On te demandera : Do you wish to load the remote registry: clique Yes
>> On te demandera : Do you wish to load remote user profile(s) for scanning: clique Yes
>> Assure-toi que Automatically Load All Remaining Users soit coché, puis clique OK (Vérifie que c'est bien ta session de sélectionné)
- OTL se lance. Modifie l'option Drivers à All, puis Standard Registry à All.
- Copie-colle le texte suivant dans la fenêtre Custom Scans/Fixes (au bas de OTL)
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
userinit.exe
explorer.exe
ntoskrnl.exe
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
- Clique maintenant sur Run Scan (au haut, à gauche).
- Lorsque l'analyse sera terminée, un fichier texte sera créé : C:\OTL.txt
- Poste le contenu du rapport ici.
- Ceci n'est qu'une analyse, donc ne réparera rien, pour l'instant. Il s'agit d'identifier les intrus, on nettoie ensuite.
Note : Si ton rapport est trop long, utilise le site
http://www.ci-joint.fr
pour envoyer ton rapport, et poste le lien dans ta prochaine réponse. |
|
Posté le 18/08/2010 à 01:59 |
Petite astucienne
| Bon j'essai de rédémarrer avec le CD rebootable et non ca ne fonctionne pas .. alors comment fait on pour vérifier l'ordre du boot dans la bios et mettre le lecteur optique en premier...
Et Merci de m'aider, c'est très apprécié
Sebdou ;-) |
|
Posté le 18/08/2010 à 04:05 |
Petite astucienne
| bon jai réussi à mettre le disque mais quans tout est installé je clique sur OTLPE et jai une fenetre qui me demande d'aller trouver le fichier et je ne suis pas capable de me connecter à internet...
Il doit y avoir un moyen plus simple...
Et si on recommencait du début
Merci |
|
Posté le 18/08/2010 à 14:45 |
| Transfère tout via clé usb |
|
Posté le 18/08/2010 à 16:45 |
Petite astucienne
| Euhhhhh je transfère quoi sur ma clé usb???
Je suis novice mais j'apprend vite lollll
Merci |
|
Posté le 18/08/2010 à 17:24 |
| Tu démarres sur le CD, lances OTLPE et lances un scan. |
|
Posté le 18/08/2010 à 18:38 |
Petite astucienne
| Quand je lance le cd et sur mon bureau s'affiche plein d'icone dont le OTLPE et que je clique dessus, ca me demande de construire une connection internet et d'aller chercher le fichier dans mon ordinateur mais l,interface que jai sur mon bureau Nest pas à moi. il appartient à cellui qui a fait le .iso..
Alors si je fais le cd à partir de mon portable est ce que ca changerait qq chose?? |
|
Posté le 18/08/2010 à 18:40 |
| Tu cliques sur Run scan. Pas besoin de fichier |
|
Posté le 18/08/2010 à 23:43 |
Petite astucienne
| J'ai suivi les consignes du tutoriel que j'ai lu et suivi et quand je clique sur OTLPE qui se trouve sur mon bureau, il y a une fenêtre qui m'apparait.
Browse for folder
Choose windows directory
Ramdisk (B)
Service003 (C)
SW Preload (D)
Lenovo (E)
ReatogoPE (X)
Shared documents
Folder my computerr
et voilà je suis bloqué et de plus je nai plus aucune connection internet
|
|
Posté le 18/08/2010 à 23:56 |
Petite astucienne
| oubli le message précédent
Jai réussi tout mais quand j'arrive à l'endroit où il faut que je colle les données dans Customs all.. comment fais tu ??? jai mis les données sur ma clé usb mais quand je place ma clé dans le portable elle le détecte pas vu que le portable fonctionne sur le cd bootable... comment faire |
|
Posté le 19/08/2010 à 00:44 |
| Normalement ça doit détecter. Si ça détecte pas, c'est pas la peine d'aller plus loin t'en auras besoin
Clique juste sur Run scan pour l'instant, jute ça, sans coller le texte |
|
Posté le 19/08/2010 à 01:14 |
Petite astucienne
| |
|
Posté le 19/08/2010 à 18:31 |
| Salut,
Sauvegarde ta Base de Registre : Sauvegarde de la base de registre Relance OTL.exe.
- Copie-colle le code suivant dans la fenêtre Personnalisation
:OTL
PRC - [2010-08-14 19:57:22 | 000,188,416 | ---- | M] (ApexDC++ Development Team) -- C:\Users\PROPRI~1\AppData\Local\Temp\Ykp.exe
O4 - HKU\S-1-5-21-86015662-786674194-1776910773-1003..\Run: [Cnekicuhuhoneni] C:\Users\proprietaire\AppData\Local\ificepex.DLL (Systems Internals)
O4 - HKU\S-1-5-21-86015662-786674194-1776910773-1003..\Run: [Sxikacokuvomu] C:\Users\proprietaire\AppData\Local\sa01apn2.DLL (Dritek System Inc.)
O4 - HKU\S-1-5-21-86015662-786674194-1776910773-1003..\Run: [ZE18MW23GY] C:\Users\PROPRI~1\AppData\Local\Temp\Ykp.exe (ApexDC++ Development Team)
[2010-08-14 19:57:32 | 000,196,608 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Ydequa.exe
[2009-10-03 08:45:28 | 000,204,288 | ---- | C] (Systems Internals) -- C:\Users\proprietaire\AppData\Local\ificepex.dll
[2009-10-03 08:45:28 | 000,072,192 | ---- | C] (Dritek System Inc.) -- C:\Users\proprietaire\AppData\Local\sa01apn2.dll
[2010-08-16 18:41:32 | 000,000,000 | ---- | M] () -- C:\Users\proprietaire\AppData\Local\Smejokupujaxa.bin
[2010-08-16 18:41:31 | 000,000,120 | ---- | M] () -- C:\Users\proprietaire\AppData\Local\Hwitulukacegala.dat
[2010-08-16 18:39:47 | 000,000,020 | ---- | M] () -- C:\Users\proprietaire\AppData\Roaming\bawuho.dat
[2010-08-16 18:39:04 | 000,000,004 | ---- | M] () -- C:\Users\proprietaire\AppData\Roaming\avdrn.dat
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:commands
[EmptyTemp]
[EmptyFlash]
[Purity]
[CREATERESTOREPOINT]
[ResetHosts]
[Reboot]
- Clique ensuite sur Correction et patiente pendant que l'outil travaille.
- Copie-colle le contenu du rapport qui s'ouvre (C\_OTL\MovedFiles) dans ta prochaine réponse.
|
|
Posté le 20/08/2010 à 01:19 |
Petite astucienne
| All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <PRC - [2010-08-14 19:57:22 | 000,188,416 | ---- | M] (ApexDC++ Development Team) -- C:\Users\PROPRI~1\AppData\Local\Temp\Ykp.exe> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-86015662-786674194-1776910773-1003..\Run: [Cnekicuhuhoneni] C:\Users\proprietaire\AppData\Local\ificepex.DLL (Systems Internals)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-86015662-786674194-1776910773-1003..\Run: [Sxikacokuvomu] C:\Users\proprietaire\AppData\Local\sa01apn2.DLL (Dritek System Inc.)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-86015662-786674194-1776910773-1003..\Run: [ZE18MW23GY] C:\Users\PROPRI~1\AppData\Local\Temp\Ykp.exe (ApexDC++ Development Team)> in the current context!
Error: Unable to interpret <[2010-08-14 19:57:32 | 000,196,608 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Ydequa.exe> in the current context!
Error: Unable to interpret <[2009-10-03 08:45:28 | 000,204,288 | ---- | C] (Systems Internals) -- C:\Users\proprietaire\AppData\Local\ificepex.dll> in the current context!
Error: Unable to interpret <[2009-10-03 08:45:28 | 000,072,192 | ---- | C] (Dritek System Inc.) -- C:\Users\proprietaire\AppData\Local\sa01apn2.dll> in the current context!
Error: Unable to interpret <[2010-08-16 18:41:32 | 000,000,000 | ---- | M] () -- C:\Users\proprietaire\AppData\Local\Smejokupujaxa.bin> in the current context!
Error: Unable to interpret <[2010-08-16 18:41:31 | 000,000,120 | ---- | M] () -- C:\Users\proprietaire\AppData\Local\Hwitulukacegala.dat> in the current context!
Error: Unable to interpret <[2010-08-16 18:39:47 | 000,000,020 | ---- | M] () -- C:\Users\proprietaire\AppData\Roaming\bawuho.dat> in the current context!
Error: Unable to interpret <[2010-08-16 18:39:04 | 000,000,004 | ---- | M] () -- C:\Users\proprietaire\AppData\Roaming\avdrn.dat> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: proprietaire
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 1896563 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31746 bytes
RecycleBin emptied: 23674 bytes
Total Files Cleaned = 2,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: proprietaire
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_211243
Files\Folders moved on Reboot...
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QM4RIRST\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78HTW76Q\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78HTW76Q\cheval_de_troie-f25s56097[1].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57WN7RET\ads[1].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0EIIT8XR\ads[1].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0EIIT8XR\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot... |
|
Posté le 20/08/2010 à 02:06 |
| Tu peux recommencer, t'as oublié les : devant OTL => :OTL |
|
Posté le 20/08/2010 à 02:54 |
Petite astucienne
| All processes killed
========== OTL ==========
No active process named Ykp.exe was found!
Registry value HKEY_USERS\S-1-5-21-86015662-786674194-1776910773-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Cnekicuhuhoneni not found.
File C:\Users\proprietaire\AppData\Local\ificepex.DLL not found.
Registry value HKEY_USERS\S-1-5-21-86015662-786674194-1776910773-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Sxikacokuvomu not found.
File C:\Users\proprietaire\AppData\Local\sa01apn2.DLL not found.
Registry value HKEY_USERS\S-1-5-21-86015662-786674194-1776910773-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ZE18MW23GY not found.
File C:\Users\PROPRI~1\AppData\Local\Temp\Ykp.exe not found.
File C:\Windows\Ydequa.exe not found.
File C:\Users\proprietaire\AppData\Local\ificepex.dll not found.
File C:\Users\proprietaire\AppData\Local\sa01apn2.dll not found.
File C:\Users\proprietaire\AppData\Local\Smejokupujaxa.bin not found.
File C:\Users\proprietaire\AppData\Local\Hwitulukacegala.dat not found.
File C:\Users\proprietaire\AppData\Roaming\bawuho.dat not found.
File C:\Users\proprietaire\AppData\Roaming\avdrn.dat not found.
Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: proprietaire
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 48089756 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1256 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31746 bytes
RecycleBin emptied: 153660 bytes
Total Files Cleaned = 46,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: proprietaire
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_204755
Files\Folders moved on Reboot...
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TIY33PI0\ads[1].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TIY33PI0\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OGKE3VKM\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OGKE3VKM\cheval_de_troie-f25s56097[1].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5C1I57U\ads[1].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5C1I57U\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BQAZWSYH\ads[2].htm moved successfully.
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot... |
|
Posté le 20/08/2010 à 12:55 |
| |
|
|
|
|
|
À LA UNE
PRATIQUE
LOGITHÈQUE
TABLETTE ET MOBILE
BONS PLANS
FONDS D'ÉCRAN
JEUX
FORUM
Cheval de troie
