[OK] Demande d'analyse de log OTL/MBAM


Post by sergeK » 26 Aug 2010, 21:45

Hello,

This thread follows on from this one, in which the symptoms are described.

Details:
1) The system is protected by clamwin, which, unless I am mistaken, has no resident module. I applied the procedure with that in mind.
2) To write these posts from the infected machine, I had to change the configuration of Firefox, which was set up to use a proxy (a configuration that is part of the infection). The change was made after the reports were created.

Here is the Malwarebytes' Anti-Malware report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4483

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26/08/2010 04:14:29
mbam-log-2010-08-26 (04-14-29).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 130096
Temps écoulé: 6 minute(s), 0 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weewgoft (Rogue.SecuritySuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weewgoft (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gfrjjuir (Rogue.SecuritySuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gfrjjuir (Rogue.SecuritySuite) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah\klgmyfdshdw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb\kjeduhyshdw.exe (Rogue.SecuritySuite) -> No action taken.


Note: the report is located on the user's desktop and not in SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs as indicated in the procedure.
sergeK
 
Posts: 171
Joined: 20 Jan 2008, 00:20

Post by sergeK » 26 Aug 2010, 21:51

OTL.txt report

OTL logfile created on: 26/08/2010 04:17:39 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Patrick\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 657,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 143,13 Gb Free Space | 48,02% Space Free | Partition Type: NTFS
Drive D: | 9,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMPERES-9750556
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
PRC - [2010/06/03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/13 20:14:24 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2009/10/15 10:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/08/27 17:05:04 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/27 17:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2007/11/13 18:57:04 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 18:57:02 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2006/03/06 19:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/20 21:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2006/02/07 07:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2003/06/23 09:41:54 | 000,083,264 | R--- | M] () -- C:\WINDOWS\NsUpdate.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
MOD - [2006/03/02 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/03/02 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/27 17:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/02/20 21:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - [2007/03/01 11:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/12 04:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/31 00:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/18 02:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/09/27 09:04:16 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/27 09:04:12 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/03 02:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/15 05:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/11 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/22 18:05:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 13:52:40 | 000,000,000 | ---D | M]

[2010/05/06 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2009/09/16 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/08/23 05:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\v7pjsid2.default\extensions
[2010/06/29 14:35:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\v7pjsid2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/06 15:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/03/02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [gfrjjuir] C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb\kjeduhyshdw.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL ()
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sudoku] File not found
O4 - HKLM..\Run: [weewgoft] C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah\klgmyfdshdw.exe ()
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [gfrjjuir] C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb\kjeduhyshdw.exe ()
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [Sudoku] File not found
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [weewgoft] C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah\klgmyfdshdw.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/26 09:52:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\AutoRun\command - "" = e2.cmd
O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\open\Command - "" = e2.cmd
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 04:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/26 03:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/26 03:57:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureau\erunt-setup.exe
[2010/08/26 03:38:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/26 03:38:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/26 03:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
[2010/08/26 03:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 03:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/26 03:18:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureau\mbam-setup.exe
[2010/08/26 03:16:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
[2010/08/24 16:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/23 14:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb
[2010/08/23 14:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah
[2010/08/21 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\YesMessenger
[2010/08/15 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Symantec Shared
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/08/15 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/15 16:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/15 01:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\Downloads
[2010/08/15 01:53:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patrick\Mes documents\Mes vidéos
[2010/08/15 01:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\DivX
[2010/08/15 01:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\DivX Movies
[2010/08/15 01:53:36 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/08/15 01:53:36 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/08/15 01:53:36 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/08/15 01:53:36 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/08/15 01:53:36 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/08/15 01:53:36 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/08/15 01:53:36 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/08/15 01:53:36 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/08/15 01:53:36 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/08/15 01:53:36 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/08/15 01:53:36 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/08/15 01:53:36 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/08/15 01:53:36 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/08/15 01:53:36 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/08/15 01:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/08/15 01:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/15 01:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/08/04 16:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\Mes fichiers reçus
[2010/07/30 18:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/07/30 18:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DirectX
[2010/07/30 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2006/02/20 21:44:44 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2006/02/20 21:36:06 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2006/02/20 21:24:30 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2006/02/20 21:23:16 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2006/02/20 21:22:16 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2006/02/20 21:21:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2006/02/20 21:21:12 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2006/02/20 21:15:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2006/02/20 21:06:52 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2006/02/20 21:03:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/26 17:17:07 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.exe
[2010/08/26 17:16:57 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.com
[2010/08/26 17:16:42 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr
[2010/08/26 03:58:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\NTREGOPT.lnk
[2010/08/26 03:58:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\ERUNT.lnk
[2010/08/26 03:38:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/26 03:32:07 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/26 03:31:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/26 03:31:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 03:31:17 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Patrick\NTUSER.DAT
[2010/08/26 03:31:17 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Patrick\ntuser.ini
[2010/08/26 03:30:18 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1614895754-839522115-1004UA.job
[2010/08/25 18:34:23 | 004,322,716 | -H-- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2010/08/25 00:30:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1614895754-839522115-1004Core.job
[2010/08/24 23:15:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureau\erunt-setup.exe
[2010/08/24 23:10:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureau\mbam-setup.exe
[2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
[2010/08/24 21:39:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/24 16:26:44 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Patrick.job
[2010/08/22 06:29:21 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 11:35:03 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\UFO Extraterrestrials.lnk
[2010/08/18 11:34:25 | 000,000,251 | ---- | M] () -- C:\WINDOWS\Frog_Man.iix
[2010/08/17 13:15:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 16:33:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Norton Security Scan.lnk
[2010/08/15 16:33:15 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/15 01:53:52 | 000,001,483 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\DivX Movies.lnk
[2010/08/15 01:53:44 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/08/15 01:53:33 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/07/30 18:32:22 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\NFS Underground.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 03:58:39 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\NTREGOPT.lnk
[2010/08/26 03:58:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\ERUNT.lnk
[2010/08/26 03:38:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/26 03:04:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr
[2010/08/26 03:04:58 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.exe
[2010/08/26 03:04:57 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.com
[2010/08/15 16:33:17 | 000,000,478 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Patrick.job
[2010/08/15 16:33:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Norton Security Scan.lnk
[2010/08/15 16:33:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/15 01:53:52 | 000,001,483 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\DivX Movies.lnk
[2010/08/15 01:53:44 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/08/15 01:53:33 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/07/30 18:32:22 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\NFS Underground.lnk
[2010/06/30 17:32:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2010/05/06 23:46:36 | 000,076,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/22 18:31:10 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2010/03/15 22:32:15 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/03/15 22:32:15 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/09/19 18:11:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll
[2009/09/16 09:31:10 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 15:17:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
[2009/08/27 17:21:01 | 000,000,325 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2009/08/27 16:24:59 | 000,193,024 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2009/08/27 16:24:58 | 000,078,922 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2009/08/27 16:13:09 | 000,504,320 | ---- | C] () -- C:\WINDOWS\System32\ApiInt30.dll
[2009/08/27 16:13:09 | 000,478,208 | ---- | C] () -- C:\WINDOWS\System32\ApiSMS.dll
[2009/08/27 16:13:08 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/08/27 16:13:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/08/27 16:13:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Dlsbar32.dll
[2009/08/27 16:13:08 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2009/08/27 16:13:08 | 000,060,848 | ---- | C] () -- C:\WINDOWS\System32\Dlsbar2.dll
[2009/08/27 16:13:07 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\ApiOleSocket.dll
[2009/08/27 16:13:05 | 000,755,712 | ---- | C] () -- C:\WINDOWS\System32\ApiRes.dll
[2009/08/27 16:05:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/08/27 16:05:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2009/08/27 16:03:38 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2009/08/27 16:02:39 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2009/08/27 15:21:56 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/26 15:48:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/26 10:52:14 | 000,014,696 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/26 10:44:11 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/26 09:58:13 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/26 09:57:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/10/31 00:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 00:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 00:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 00:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 00:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 00:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 00:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/06 19:52:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2006/03/06 19:51:28 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2006/03/02 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/01/26 00:11:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2005/07/08 10:11:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2004/08/09 09:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/02/17 22:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/07/30 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/02/20 03:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POP3Profiles
[2009/09/16 11:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/09/08 18:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/05/09 01:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Facebook
[2010/03/15 22:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\InterTrust
[2009/09/16 11:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\TomTom

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 02:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006/03/02 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/03/02 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >
sergeK
Posts: 171
Joined: 20 Jan 2008, 00:20

Post by sergeK » 26 Aug 2010, 21:56

Extras.txt report

OTL Extras logfile created on: 26/08/2010 04:17:39 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Patrick\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 657,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 143,13 Gb Free Space | 48,02% Space Free | Partition Type: NTFS
Drive D: | 9,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMPERES-9750556
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\gamigogames\LevelR\LevelR.bin" = C:\Program Files\gamigogames\LevelR\LevelR.bin:*:Enabled:Game -- (Invictus-Games Kft.)
"C:\gPotato.eu\Allods Online\bin\Launcher.exe" = C:\gPotato.eu\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\gPotato.eu\Allods Online\bin\AOgame.exe" = C:\gPotato.eu\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\Alien Arena 7_32\crx.exe" = C:\Alien Arena 7_32\crx.exe:*:Enabled:crx -- (COR)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{96CA63AC-67E8-478F-A17E-9C939EDBC999}_is1" = FrankensteinDEMO
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9DDC3A91-3230-42E2-A1BF-110F99C51A1D}" = Extension d'application APIBAT
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A91FD297-006B-48D9-884A-E40E0A04B2F5}" = LevelR
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B087B0C3-F595-485A-B86B-73326BA8693A}" = OpenOffice.org 2.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7311566-7EA9-4213-A7F8-E0C237EFAD16}" = UFO Extraterrestrials
"1-2-3 Schéma" = 1-2-3 Schéma
"Activision_SLUninstallKey" = Street Legal
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alien Arena 7.32_is1" = Alien Arena 7.32
"APIBAT Comptabilité ENTREPRENEUR" = APIBAT Comptabilité ENTREPRENEUR
"APIBAT Financier ENTREPRENEUR" = APIBAT Financier ENTREPRENEUR
"AstrumNival Allods" = Allods Online 1.0.05.41
"Barrow Hill" = Barrow Hill
"Batigest ENTREPRENEUR 6" = Batigest ENTREPRENEUR 6
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.96.0.1
"DivX Setup.divx.com" = Configuration DivX
"ElcomPdf Port Monitor" = ElcomPdf
"ERUNT_is1" = ERUNT 1.1j
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"FrogMan - Demo Version_is1" = FrogMan - Demo Version
"German Classic FR_is1" = German Classic 1.0
"Installateurs - Electriciens" = Installateurs - Electriciens
"Kasparov Chessmate_is1" = Kasparov Chessmate
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Solutions de télécopie Lexmark
"LocationsAssistance_is1" = LocationsAssistance
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Neffy" = Neffy 1,3,29,0
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Semiolog2" = Semiolog
"Sudoku_is1" = Sudoku 1.17
"TomTom HOME" = TomTom HOME 2.7.2.1825
"Underground Fighting_is1" = Underground Fighting
"WIC" = Windows Imaging Component
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/06/2010 11:15:58 | Computer Name = AMPERES-9750556 | Source = Application Error | ID = 1000
Description = Faulting application setup(9).exe, version 12.0.0.58855, faulting
module setup(9).exe, version 12.0.0.58855, fault address 0x0001ec42.

Error - 30/06/2010 11:16:09 | Computer Name = AMPERES-9750556 | Source = Application Error | ID = 1001
Description = Fault bucket 1480428328.

Error - 16/08/2010 10:28:12 | Computer Name = AMPERES-9750556 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 16/08/2010 10:28:12 | Computer Name = AMPERES-9750556 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 22/08/2010 11:56:36 | Computer Name = AMPERES-9750556 | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/08/2010 19:12:53 | Computer Name = AMPERES-9750556 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 24/08/2010 13:46:13 | Computer Name = AMPERES-9750556 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2853, fault address 0x0009d085.

Error - 24/08/2010 15:26:18 | Computer Name = AMPERES-9750556 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/08/2010 15:39:36 | Computer Name = AMPERES-9750556 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 25/08/2010 21:30:18 | Computer Name = AMPERES-9750556 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 24/08/2010 15:38:31 | Computer Name = AMPERES-9750556 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 24/08/2010 15:38:31 | Computer Name = AMPERES-9750556 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 24/08/2010 15:38:31 | Computer Name = AMPERES-9750556 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 24/08/2010 15:38:31 | Computer Name = AMPERES-9750556 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 24/08/2010 15:39:45 | Computer Name = AMPERES-9750556 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 24/08/2010 15:40:24 | Computer Name = AMPERES-9750556 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with
arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/08/2010 15:41:36 | Computer Name = AMPERES-9750556 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with
arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/08/2010 15:42:53 | Computer Name = AMPERES-9750556 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips Processor

Error - 24/08/2010 15:43:19 | Computer Name = AMPERES-9750556 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with
arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/08/2010 16:01:07 | Computer Name = AMPERES-9750556 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 805b0862,
parameter3 b9a52b98, parameter4 00000000.


< End of report >

Thanks :)
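
The Extras report above carries the three things a log helper reads first: the Security Center flags (on this machine AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify are all 1, so Windows no longer warns about a missing antivirus, firewall or updates), the firewall profile with its globally open ports, and the Shell Spawning table, where the exefile/comfile/batfile/cmdfile/piffile [open] handlers must be exactly "%1" %* or every program launch is routed through another executable first. The Python script below is an added example, not code from OTL or from anyone in this thread: it parses those sections out of an Extras.txt and lists findings. The severity labels are my choice, and both excerpts are constructed (the first modelled on the posted report, the second on a hypothetical machine with a hijacked exefile handler, a disabled firewall and a port opened to the world).

```python
"""Triage the Security Center, firewall and Shell Spawning sections of an OTL
Extras.txt report.  Added example: not code from OTL or from the thread; the
severity labels are mine and the two excerpts below are constructed."""
import re

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SHELL_RE = re.compile(r"^(?P<cls>\w+)\s+\[(?P<verb>\w+)\]\s+--\s+(?P<cmd>.*)$")

# Flags that malware (and rogue "antivirus" installers) set to 1 to silence Security Center.
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")
OVERRIDE_FLAGS = ("AntiVirusOverride", "FirewallOverride")
# Stock XP launches these file classes with exactly this command; anything else means
# every program start goes through another executable first.
EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
EXPECTED_OPEN = '"%1" %*'

def parse_extras(text):
    """Return ({section: {regkey: {name: value}}}, [(class, verb, command), ...])."""
    reg, shell, section, key = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("name"), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            reg.setdefault(section, {}).setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            reg[section][key][m.group("name")] = m.group("value")
            continue
        m = SHELL_RE.match(line)
        if m and section == "Shell Spawning":
            shell.append((m.group("cls"), m.group("verb"), m.group("cmd")))
    return reg, shell

def triage(text):
    """Return [(severity, message), ...] for the checks a log helper runs first."""
    reg, shell = parse_extras(text)
    findings = []
    for key, values in reg.get("Security Center Settings", {}).items():
        if key.endswith("\\Security Center"):
            for flag in NOTIFY_FLAGS:
                if values.get(flag) == "1":
                    findings.append(("medium", f"{flag}=1: Security Center alert silenced"))
            for flag in OVERRIDE_FLAGS:
                if values.get(flag) == "1":
                    findings.append(("medium", f"{flag}=1: Security Center monitoring overridden"))
        elif key.endswith("\\StandardProfile"):
            if values.get("EnableFirewall") != "1":
                findings.append(("high", "Windows Firewall disabled on the standard profile"))
        elif key.endswith("\\GloballyOpenPorts\\List"):
            for value in values.values():
                parts = value.split(":")          # port:proto:scope:state:description
                if len(parts) < 4:
                    continue
                port, proto, scope, state = parts[:4]
                if state == "Enabled" and scope == "*":
                    findings.append(("high", f"{port}/{proto} open to any address"))
                elif state == "Enabled":
                    findings.append(("info", f"{port}/{proto} open to {scope}"))
    for cls, verb, cmd in shell:
        if cls in EXEC_CLASSES and verb == "open" and cmd != EXPECTED_OPEN:
            findings.append(("high", f"{cls} [open] hijacked: {cmd}"))
        elif cmd.startswith("Reg Error"):
            findings.append(("info", f"{cls} [{verb}] could not be read: {cmd}"))
    return findings

# Constructed excerpt modelled on the report posted in this thread.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"""

# Constructed excerpt for a hypothetical hijacked machine (path and port invented).
HIJACKED_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Documents and Settings\user\Application Data\constructed.exe" /START "%1" %*
comfile [open] -- "%1" %*

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4444:TCP" = 4444:TCP:*:Enabled:constructed
"""

if __name__ == "__main__":
    for label, excerpt in (("posted report", SAMPLE_EXTRAS), ("hijacked machine", HIJACKED_EXTRAS)):
        print(f"== {label} ==")
        for severity, message in triage(excerpt):
            print(f"[{severity}] {message}")
```

On the excerpt modelled on the posted report the script returns only the three silenced-notification flags plus informational lines (UPnP ports open to the local subnet, two class keys OTL could not read); the shell handlers are intact. On the constructed excerpt it flags the exefile hijack, the disabled firewall and the port open to any address as high.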

Post by sergeK » 27 Aug 2010, 17:57

Hello nickW,

Out of curiosity, I'll try to predict your diagnosis. :wink:
I suppose we have to start by disabling the proxy in IE, then run rkill (I would do it the other way round), then do a cleanup with MBAM and finally an OTL report, the whole thing matching the procedure you describe here.

Am I right? :D

Post by nickW » 27 Aug 2010, 18:54

Hello,

Not bad at all ...... ! :wink:

First round of cleaning:


Step 1: Safe Mode with Networking
Restart the PC in Safe Mode with Networking using the F8 method (F5 on some PCs). Mandatory: do not use the "msconfig" method!
See http://assiste.com.free.fr/p/comment/co ... echec.html
and http://assiste.com.free.fr/p/comment/co ... ec.html#f8

Close as many windows as possible.


Step 2: Proxy
Remove the fake proxy set up by the malware:

*- Launch Internet Explorer
*- Tools menu ----> Internet Options...
*- Open the Connections tab
*- In the "Local Area Network (LAN) settings" section, click the LAN settings button
*- In the "Local Area Network (LAN) Settings" window, in the "Proxy server" section, uncheck the box in front of "Use a proxy server...".
*- Confirm by clicking OK (twice).


Step 3: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
When it has finished, save the rkill.log file.

If nothing happens, or if the tool does not launch, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try launching that.

Do not restart the PC.


Step 4: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
On the Settings tab, check that every box is ticked except "Create right click context menu".
On the Update tab, click the Check for Updates button and install every update found.
On the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait, doing nothing else, until the scan completes; in the window announcing the end of the scan, click OK; then click the "Show Results" button.


If malicious items were detected, click the "Remove Selected" button.

Wait patiently, doing nothing else, until the cleanup is finished.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 5: TDSSKiller (by Kaspersky), installation
Download tdsskiller.zip from the link below:
http://support.kaspersky.com/downloads/ ... killer.zip

Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop.


Step 6: TDSSKiller (by Kaspersky), execution
Double-click TDSSKiller.exe to launch it.

The TDSSKiller screen appears.

Click Start scan to launch the analysis.

When the tool has finished its inspection:

If malicious objects ("Malicious objects") were detected, the program selects the action to take automatically (Cure or Delete).

If suspicious objects ("Suspicious objects") were detected, on the confirmation screen change the action to take to Quarantine (instead of Skip).

Then click the Continue button,

Wait for the report file to be displayed.

If the tool needs a restart to finish the cleanup, click the Reboot computer button.


Step 7: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Post in reply:
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) is the date [year-month-day] and time [hh-mm-ss])
[SystemDrive is the partition on which the system is installed, usually C:]
*- the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Time_log.txt)
[SystemDrive is the partition on which the system is installed, usually C:]

Then post, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To post your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
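
nickW's procedure ends with two reports that hash the same files from two angles: TDSSKiller lists every loaded driver with its MD5 and path, and OTL's custom scan ("< MD5 for: ATAPI.SYS >" and friends, in the log posted earlier in this thread) hashes each on-disk copy of a few frequently patched system files, the live one under system32 alongside the dllcache and ReinstallBackups copies. A helper reads them together: the copies should agree with each other, and the hash TDSSKiller reports for a driver should equal the hash OTL computed for the same path. The script below is an added example, not code from OTL, TDSSKiller or the forum; it parses both formats and reports the two kinds of disagreement. The sample logs are constructed: the atapi.sys and eventlog.dll lines are taken from this thread, and "example.sys" with its all-zero hashes is invented to show what a patched driver looks like.

```python
"""Cross-check file hashes between an OTL '< MD5 for: ... >' custom scan and a
TDSSKiller driver listing.  Added example; not code from OTL, TDSSKiller or the
forum.  The sample logs below are constructed for the demonstration."""
import re
from collections import defaultdict

# OTL custom-scan line: [date | size | attrs | M] (Company) MD5=HEX -- path
OTL_MD5_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\([^)]*\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$")
# TDSSKiller driver line: date  time  ServiceName  (hexmd5) path
TDSS_RE = re.compile(
    r"^\S+\s+\S+\s+\S+\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def parse_otl_md5(text):
    """{basename: [(md5, size, path), ...]}, one entry per copy OTL hashed."""
    out = defaultdict(list)
    for line in text.splitlines():
        m = OTL_MD5_RE.match(line.strip())
        if m:
            out[basename(m.group("path"))].append(
                (m.group("md5").lower(), int(m.group("size").replace(",", "")), m.group("path")))
    return dict(out)

def parse_tdsskiller(text):
    """{basename: (md5, path)} for every driver TDSSKiller enumerated."""
    out = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if m:
            out[basename(m.group("path"))] = (m.group("md5").lower(), m.group("path"))
    return out

def otl_inconsistencies(otl):
    """Files whose copies disagree with each other.  On a clean XP box the system32,
    dllcache and ReinstallBackups copies of a file from the same service pack carry
    one hash; a patched atapi.sys shows up as a system32 hash that differs from dllcache."""
    return {name: copies for name, copies in otl.items()
            if len({md5 for md5, _, _ in copies}) > 1}

def cross_check(otl, tdss):
    """For each driver TDSSKiller listed that OTL also hashed at the same path, return
    {name: (otl_md5, tdss_md5)} when the two tools disagree: either the file changed
    between the runs, or something fed one of the tools different file content."""
    mismatches = {}
    for name, (tmd5, tpath) in tdss.items():
        for omd5, _, opath in otl.get(name, []):
            if opath.lower() == tpath.lower() and omd5 != tmd5:
                mismatches[name] = (omd5, tmd5)
    return mismatches

# Constructed sample: first four lines as posted in this thread, example.sys invented.
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXAMPLE.SYS >
[2006/03/02 14:00:00 | 000,012,345 | ---- | M] (Constructed Example) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.sys
[2010/08/20 03:14:15 | 000,012,345 | ---- | M] (Constructed Example) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
"""

# Constructed sample: atapi line as posted in this thread, example.sys invented.
SAMPLE_TDSS = r"""
2010/08/26 07:27:20.0843   Boot type: Safe boot with network
2010/08/26 07:28:02.0281   Scan started
2010/08/26 07:28:03.0328   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/26 07:28:09.0000   example         (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\example.sys
"""

if __name__ == "__main__":
    otl, tdss = parse_otl_md5(SAMPLE_OTL), parse_tdsskiller(SAMPLE_TDSS)
    for name, copies in otl_inconsistencies(otl).items():
        print(f"copies of {name} disagree:", [(md5[:8], path) for md5, _, path in copies])
    for name, (omd5, tmd5) in cross_check(otl, tdss).items():
        print(f"{name}: OTL saw {omd5[:8]}..., TDSSKiller saw {tmd5[:8]}...")
```

On the constructed sample atapi.sys passes both checks (its two copies agree and TDSSKiller's lowercase hash equals OTL's uppercase one), while example.sys fails both: its system32 copy no longer matches dllcache, and TDSSKiller reports the dllcache hash for the very path OTL hashed differently, which is what a driver that hides its own patch from file reads would produce.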

Post by sergeK » 27 Aug 2010, 23:05

Hello again,

And you're kind to beginners too. :wink:

Well, I have a problem: I can only find the first MBAM report; a search of the whole disk (mbam-log*) returns only one hit. :? Yet I did see Notepad go by before being asked to reboot, which I did. From memory it had found 10 infected items, matching what was visible in the first one. I understand that redoing it now isn't necessarily useful. Sorry. :(

So here is the TDSSKiller report, which found nothing

2010/08/26 07:27:20.0843   TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/26 07:27:20.0843   ================================================================================
2010/08/26 07:27:20.0843   SystemInfo:
2010/08/26 07:27:20.0843   
2010/08/26 07:27:20.0843   OS Version: 5.1.2600 ServicePack: 2.0
2010/08/26 07:27:20.0843   Product type: Workstation
2010/08/26 07:27:20.0843   ComputerName: AMPERES-9750556
2010/08/26 07:27:20.0843   UserName: Patrick
2010/08/26 07:27:20.0843   Windows directory: C:\WINDOWS
2010/08/26 07:27:20.0843   System windows directory: C:\WINDOWS
2010/08/26 07:27:20.0843   Processor architecture: Intel x86
2010/08/26 07:27:20.0843   Number of processors: 2
2010/08/26 07:27:20.0843   Page size: 0x1000
2010/08/26 07:27:20.0843   Boot type: Safe boot with network
2010/08/26 07:27:20.0843   ================================================================================
2010/08/26 07:27:21.0046   Initialize success
2010/08/26 07:28:02.0281   ================================================================================
2010/08/26 07:28:02.0281   Scan started
2010/08/26 07:28:02.0281   Mode: Manual;
2010/08/26 07:28:02.0281   ================================================================================
2010/08/26 07:28:02.0765   ACPI            (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/26 07:28:02.0812   ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/26 07:28:02.0890   aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/08/26 07:28:02.0953   AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/08/26 07:28:03.0312   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/26 07:28:03.0328   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/26 07:28:03.0390   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/26 07:28:03.0453   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/26 07:28:03.0515   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/26 07:28:03.0578   BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2010/08/26 07:28:03.0625   BrSerIf         (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2010/08/26 07:28:03.0671   BrUsbSer        (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2010/08/26 07:28:03.0718   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/26 07:28:03.0796   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/26 07:28:03.0812   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/26 07:28:03.0859   Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/26 07:28:04.0125   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/26 07:28:04.0171   dmboot          (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/26 07:28:04.0218   dmio            (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/26 07:28:04.0250   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/26 07:28:04.0312   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/26 07:28:04.0390   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/26 07:28:04.0468   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/26 07:28:04.0500   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/26 07:28:04.0531   Fips            (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/26 07:28:04.0562   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/26 07:28:04.0609   FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/26 07:28:04.0656   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/26 07:28:04.0687   Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/26 07:28:04.0718   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/26 07:28:04.0750   HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/26 07:28:04.0812   HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/26 07:28:04.0906   HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/26 07:28:05.0015   i8042prt        (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/26 07:28:05.0078   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/26 07:28:05.0296   IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/26 07:28:05.0421   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/26 07:28:05.0453   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/26 07:28:05.0484   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/26 07:28:05.0515   IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/26 07:28:05.0546   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/26 07:28:05.0593   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/26 07:28:05.0656   isapnp          (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/26 07:28:05.0718   Kbdclass        (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/26 07:28:05.0765   kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/26 07:28:05.0796   KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/26 07:28:05.0921   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/26 07:28:05.0984   Modem           (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/26 07:28:06.0015   Mouclass        (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/26 07:28:06.0062   mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/26 07:28:06.0078   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/26 07:28:06.0140   MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/26 07:28:06.0187   MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/26 07:28:06.0234   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/26 07:28:06.0296   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/26 07:28:06.0328   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/26 07:28:06.0359   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/26 07:28:06.0390   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/26 07:28:06.0437   MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/08/26 07:28:06.0453   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/26 07:28:06.0500   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/26 07:28:06.0515   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/26 07:28:06.0562   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/26 07:28:06.0578   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/26 07:28:06.0609   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/26 07:28:06.0640   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/26 07:28:06.0687   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/26 07:28:06.0781   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/26 07:28:06.0828   Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/26 07:28:06.0890   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/26 07:28:07.0015   nv              (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/26 07:28:07.0109   nvata           (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/08/26 07:28:07.0140   NVENETFD        (d8151977e2a20df13c3d30146fd4e542) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/08/26 07:28:07.0187   nvnetbus        (13a6ccf5f60a55f2ed2658b736d65c8b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/08/26 07:28:07.0234   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/26 07:28:07.0250   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/26 07:28:07.0296   Parport         (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/26 07:28:07.0328   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/26 07:28:07.0375   ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/26 07:28:07.0437   PCASp50         (07c02c892e8e1a72d6bf35004f0e9c5e) C:\WINDOWS\system32\Drivers\PCASp50.sys
2010/08/26 07:28:07.0468   PCI             (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/26 07:28:07.0531   PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/26 07:28:07.0578   Pcmcia          (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/26 07:28:07.0843   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/26 07:28:07.0875   Processor       (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/26 07:28:07.0921   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/26 07:28:07.0953   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/26 07:28:08.0000   PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/26 07:28:08.0187   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/26 07:28:08.0218   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/26 07:28:08.0250   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/26 07:28:08.0296   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/26 07:28:08.0328   Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/26 07:28:08.0359   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/26 07:28:08.0453   RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/26 07:28:08.0484   redbook         (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/26 07:28:08.0546   ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/08/26 07:28:08.0656   Secdrv          (ba0d892d2f786bcebdf03b0a252b47f3) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/26 07:28:08.0687   serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/26 07:28:08.0718   Serial          (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/26 07:28:08.0781   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/26 07:28:08.0968   splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/26 07:28:09.0031   sr              (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/26 07:28:09.0062   Srv             (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/26 07:28:09.0109   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/26 07:28:09.0156   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/26 07:28:09.0328   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/26 07:28:09.0390   Tcpip           (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/26 07:28:09.0437   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/26 07:28:09.0453   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/26 07:28:09.0484   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/26 07:28:09.0656   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/26 07:28:09.0718   Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/26 07:28:09.0796   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/26 07:28:09.0843   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/26 07:28:09.0859   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/26 07:28:09.0890   usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/26 07:28:09.0921   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/26 07:28:09.0953   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/26 07:28:09.0984   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/26 07:28:10.0015   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/08/26 07:28:10.0078   VolSnap         (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/26 07:28:10.0140   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/26 07:28:10.0203   wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/26 07:28:10.0421   ================================================================================
2010/08/26 07:28:10.0421   Scan finished
2010/08/26 07:28:10.0421   ================================================================================
2010/08/26 07:28:52.0546   Deinitialize success
sergeK

Post by sergeK » 27 Aug 2010, 23:12

and the OTL.txt

Code:
OTL logfile created on: 26/08/2010 07:29:31 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\Patrick\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 023,00 Mb Total Physical Memory | 837,00 Mb Available Physical Memory | 82,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 143,06 Gb Free Space | 47,99% Space Free | Partition Type: NTFS
Drive D: | 1,51 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMPERES-9750556
Current User Name: Patrick
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
PRC - [2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
MOD - [2006/03/02 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/03/02 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/27 17:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/02/20 21:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2007/03/01 11:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/12 04:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/31 00:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/18 02:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/09/27 09:04:16 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/27 09:04:12 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/03 02:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/15 05:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/11 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/22 18:05:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 13:52:40 | 000,000,000 | ---D | M]
 
[2010/05/06 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2009/09/16 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/08/26 05:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\v7pjsid2.default\extensions
[2010/06/29 14:35:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\v7pjsid2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/06 15:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/03/02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL ()
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sudoku]  File not found
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKCU..\Run: [Sudoku]  File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/26 09:52:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\AutoRun\command - "" = e2.cmd
O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\open\Command - "" = e2.cmd
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
 
[2010/08/26 07:26:59 | 001,207,120 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureau\TDSSKiller.exe
[2010/08/26 07:13:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/26 07:13:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/26 07:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/26 04:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/26 03:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/26 03:57:59 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Documents and Settings\Patrick\Bureau\erunt-setup.exe
[2010/08/26 03:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
[2010/08/26 03:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 03:18:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patrick\Bureau\mbam-setup.exe
[2010/08/26 03:16:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
[2010/08/24 16:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/23 14:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb
[2010/08/23 14:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah
[2010/08/21 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\YesMessenger
[2010/08/15 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Symantec Shared
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/08/15 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/15 16:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/15 01:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\Downloads
[2010/08/15 01:53:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patrick\Mes documents\Mes vidéos
[2010/08/15 01:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\DivX
[2010/08/15 01:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\DivX Movies
[2010/08/15 01:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/08/15 01:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/15 01:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/08/04 16:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\Mes fichiers reçus
[2010/07/30 18:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/07/30 18:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DirectX
[2010/07/30 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010/07/13 21:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Barrow Hill
[2010/07/13 20:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Activision Value
[2010/06/30 17:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/06/30 17:30:56 | 000,000,000 | ---D | C] -- C:\Alien Arena 7_32
[2010/06/27 18:02:32 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2010/06/22 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Neffy
[2010/06/09 07:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/06/01 22:51:40 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/05/30 00:08:57 | 000,000,000 | ---D | C] -- C:\virus t
[2006/02/20 21:44:44 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2006/02/20 21:36:06 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2006/02/20 21:24:30 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2006/02/20 21:23:16 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2006/02/20 21:22:16 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2006/02/20 21:21:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2006/02/20 21:21:12 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2006/02/20 21:15:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2006/02/20 21:06:52 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2006/02/20 21:03:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
 
[2010/08/27 08:54:52 | 001,207,120 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureau\TDSSKiller.exe
[2010/08/26 17:17:07 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.exe
[2010/08/26 17:16:57 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.com
[2010/08/26 17:16:42 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr
[2010/08/26 07:26:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 07:25:35 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Patrick\NTUSER.DAT
[2010/08/26 07:25:35 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Patrick\ntuser.ini
[2010/08/26 07:13:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/26 06:48:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/26 06:30:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1614895754-839522115-1004UA.job
[2010/08/26 04:59:21 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/26 03:58:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\NTREGOPT.lnk
[2010/08/26 03:58:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\ERUNT.lnk
[2010/08/25 18:34:23 | 004,322,716 | -H-- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2010/08/25 00:30:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1614895754-839522115-1004Core.job
[2010/08/24 23:15:05 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Documents and Settings\Patrick\Bureau\erunt-setup.exe
[2010/08/24 23:10:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patrick\Bureau\mbam-setup.exe
[2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
[2010/08/24 21:39:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/24 16:26:44 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Patrick.job
[2010/08/22 06:29:21 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 11:35:03 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\UFO Extraterrestrials.lnk
[2010/08/18 11:34:25 | 000,000,251 | ---- | M] () -- C:\WINDOWS\Frog_Man.iix
[2010/08/17 13:15:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 16:33:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Norton Security Scan.lnk
[2010/08/15 16:33:15 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/15 01:53:52 | 000,001,483 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\DivX Movies.lnk
[2010/08/15 01:53:44 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/08/15 01:53:33 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/07/30 18:32:22 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\NFS Underground.lnk
[2010/06/30 17:34:04 | 000,000,083 | ---- | M] () -- C:\WINDOWS\galaxy.ini
[2010/06/30 17:32:01 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/30 17:32:01 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/30 17:32:00 | 000,001,410 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\Alien Arena 7.32.lnk
[2010/06/30 17:32:00 | 000,001,391 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\Alien Arena Quickplay.lnk
[2010/06/27 18:05:17 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Allods Online.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/08/26 07:13:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/26 03:58:39 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\NTREGOPT.lnk
[2010/08/26 03:58:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\ERUNT.lnk
[2010/08/26 03:04:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr
[2010/08/26 03:04:58 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.exe
[2010/08/26 03:04:57 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.com
[2010/08/15 16:33:17 | 000,000,478 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Patrick.job
[2010/08/15 16:33:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Norton Security Scan.lnk
[2010/08/15 16:33:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/15 01:53:52 | 000,001,483 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\DivX Movies.lnk
[2010/08/15 01:53:44 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/08/15 01:53:33 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/07/30 18:32:22 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\NFS Underground.lnk
[2010/06/30 17:32:00 | 000,001,410 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\Alien Arena 7.32.lnk
[2010/06/30 17:32:00 | 000,001,391 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\Alien Arena Quickplay.lnk
[2010/06/30 17:32:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2010/06/28 19:43:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/27 18:05:17 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Allods Online.lnk
[2010/05/06 23:46:36 | 000,076,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/22 18:31:10 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2010/03/15 22:32:15 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/03/15 22:32:15 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/09/19 18:11:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll
[2009/09/16 09:31:10 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 15:17:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
[2009/08/27 17:21:01 | 000,000,325 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2009/08/27 16:24:59 | 000,193,024 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2009/08/27 16:24:58 | 000,078,922 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2009/08/27 16:13:09 | 000,504,320 | ---- | C] () -- C:\WINDOWS\System32\ApiInt30.dll
[2009/08/27 16:13:09 | 000,478,208 | ---- | C] () -- C:\WINDOWS\System32\ApiSMS.dll
[2009/08/27 16:13:08 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/08/27 16:13:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/08/27 16:13:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Dlsbar32.dll
[2009/08/27 16:13:08 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2009/08/27 16:13:08 | 000,060,848 | ---- | C] () -- C:\WINDOWS\System32\Dlsbar2.dll
[2009/08/27 16:13:07 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\ApiOleSocket.dll
[2009/08/27 16:13:05 | 000,755,712 | ---- | C] () -- C:\WINDOWS\System32\ApiRes.dll
[2009/08/27 16:05:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/08/27 16:05:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2009/08/27 16:03:38 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2009/08/27 16:02:39 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2009/08/27 15:21:56 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/26 15:48:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/26 10:52:14 | 000,014,696 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/26 10:44:11 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/26 09:58:13 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/26 09:57:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/10/31 00:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 00:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 00:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 00:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 00:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 00:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 00:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/06 19:52:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2006/03/06 19:51:28 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2006/03/02 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/01/26 00:11:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2005/07/08 10:11:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2004/08/09 09:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2010/02/17 22:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/07/30 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/02/20 03:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POP3Profiles
[2009/09/16 11:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/09/08 18:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/05/09 01:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Facebook
[2010/03/15 22:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\InterTrust
[2009/09/16 11:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\TomTom
 
========== Purity Check ==========
 
 
< End of report >


I'm rebooting in normal mode to see what happens.
Thanks. :)

Edit: On restart, the Security Center tells me that automatic updates are disabled.
I have new icons (Security Center, Messenger...) on the right side of the taskbar; the previous shield, for its part, has disappeared. There is also a window from a "divx plus" program offering to update to a new version.

The system seems to be behaving normally. For now I haven't changed anything, I'm waiting for your instructions. I plan to create a non-privileged user and re-enable NoScript; I'm open to any advice.

Thanks again :D
sergeK
 
Posts: 171
Joined: 20 Jan 2008, 00:20

Post by nickW » 29 Aug 2010, 00:37

Good evening,

It is MBAM that re-enabled the Security Center alerts ... which should not have been disabled in the first place.


A bit more cleaning:


Step 1: OTL (by OldTimer), preparing the fix
Open a Notepad window: via Start---->Run, type notepad then click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\AutoRun\command - "" = e2.cmd
O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\open\Command - "" = e2.cmd

:Files
C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb
C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: sergeK.
If you are not THIS user, do not use them: they could damage your system.



Step 2: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The main OTL screen appears:
[image]

Click the Correction (Run Fix) button: [image]

A small "OTL" window opens: [image]

Click the Ok button.

From the new "Open" window, browse to the folder where fix.txt was saved, then click the Open button.

The content of fix.txt is thus inserted into the "Personnalisation" (Custom Scans/Fixes) panel [image]

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Correction (Run Fix) button again: [image]

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Fix complete! Click Ok to open the log." Click Ok, then close OTL.


Step 3: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears:
[image]

Check (at the top) the box in front of Tous les utilisateurs (All Users): [image]

Then click the Analyse (Run Scan) button: [image]

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 4: Results
Post in reply:
*- the OTL fix log (content of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then post in reply, in a separate message (because of the file's length):
*- the main OTL log (content of the file OTL.txt located on the Desktop).
The log posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To post your reply (or replies), do not create a new topic; click the "Reply" button
[image] to continue in this thread.

To be continued,
nickW - [image]
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

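The fix above targets three things visible in the OTL log: the IE proxy pointing at 127.0.0.1:6522 (the interception sergeK had to work around in Firefox), the MountPoints2 AutoRun/open commands cached for a drive (e2.cmd), and the temp folders. The script below is an added example, not part of this thread and not OldTimer's code: it parses lines in OTL's log format and flags loopback proxies and MountPoints2 commands, and it decodes the O7 NoDriveTypeAutoRun value (145 on this machine) to show which drive types are still allowed to autorun. The sample lines are copied from the logs posted in this thread; the regular expressions assume OTL's line layout exactly as it appears there.

```python
"""Triage of OTL-format log lines for the findings this thread's fix targets.

Added example (not from the thread, not OTL's own code). SAMPLE_LINES are copied
from the logs posted in the thread; the regexes assume OTL's line layout.
"""
import re

# NoDriveTypeAutoRun bits (Microsoft KB967715): a SET bit disables autorun for that drive type.
NO_DRIVE_TYPE_AUTORUN_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

PROXY_RE = re.compile(
    r'^IE - (?P<hive>\S+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$', re.IGNORECASE)
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+)$', re.IGNORECASE)
POLICY_RE = re.compile(
    r'^O7 - (?P<hive>\S+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion'
    r'\\policies\\Explorer: NoDriveTypeAutoRun = (?P<value>\d+)$', re.IGNORECASE)

# Copied from the OTL logs in this thread (pre-fix proxy and O33 lines, one O7 line).
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522',
    r'IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
    r'IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\AutoRun\command - "" = e2.cmd',
    r'O33 - MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\Shell\open\Command - "" = e2.cmd',
    r'O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
]


def _proxy_hosts(server):
    """Host parts of a ProxyServer value such as 'http=127.0.0.1:6522;https=proxy:8080'."""
    hosts = []
    for entry in server.split(";"):
        entry = entry.strip()
        if entry:
            addr = entry.split("=", 1)[-1]            # drop a 'http=' scheme prefix if present
            hosts.append(addr.rsplit(":", 1)[0].strip("[]"))
    return hosts


def _is_loopback(host):
    host = host.lower()
    return host == "localhost" or host == "::1" or host.startswith("127.")


def loopback_proxies(lines):
    """(hive, ProxyServer, enabled) for each hive whose IE proxy points at the local machine.

    HKCU and the user's HKU\\S-1-5-21-... hive are the same data, so the same
    value shows up twice in the log; both are reported so nothing is missed.
    """
    per_hive = {}
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            per_hive.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    hits = []
    for hive, settings in per_hive.items():
        server = settings.get("ProxyServer")
        if server and any(_is_loopback(h) for h in _proxy_hosts(server)):
            hits.append((hive, server, settings.get("ProxyEnable") == "1"))
    return hits


def autorun_hijacks(lines):
    """(MountPoints2 key, verb, command) for every O33 line: Explorer's cached copy
    of a drive's autorun.inf commands, run when that drive is opened or auto-played."""
    hits = []
    for line in lines:
        m = MOUNTPOINT_RE.match(line.strip())
        if m:
            hits.append((m["key"], m["verb"], m["cmd"].strip()))
    return hits


def autorun_enabled_types(value):
    """Drive types on which autorun is still allowed under a NoDriveTypeAutoRun value."""
    return [name for bit, name in NO_DRIVE_TYPE_AUTORUN_BITS.items() if not value & bit]


def autorun_policy(lines):
    """Per hive, the drive types the O7 lines leave with autorun enabled."""
    return {m["hive"]: autorun_enabled_types(int(m["value"]))
            for m in (POLICY_RE.match(l.strip()) for l in lines) if m}


def triage(lines):
    return {"loopback_proxies": loopback_proxies(lines),
            "autorun_hijacks": autorun_hijacks(lines),
            "autorun_enabled": autorun_policy(lines)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LINES).items():
        print(section)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("   ", item)
```

Run against the thread's lines it reports the loopback proxy under both HKCU and the user's SID (enabled in the SID hive), the two e2.cmd commands for the cached drive, and that 145 (0x91, the XP default) still allows autorun on removable, fixed, CD-ROM and RAM-disk drives, which is how a MountPoints2 entry like the one above gets used. The same file can be pointed at a fresh OTL.txt by reading its lines instead of SAMPLE_LINES.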
Post by sergeK » 29 Aug 2010, 02:10

Good evening nickW,

Here is the OTL fix log
(edit: the date and time are wrong on this system, I know :wink: )

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08314e9e-9221-11de-970b-806d6172696f}\ not found.
File e2.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08314e9e-9221-11de-970b-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08314e9e-9221-11de-970b-806d6172696f}\ not found.
File e2.cmd not found.
========== FILES ==========
C:\Documents and Settings\Patrick\Local Settings\Application Data\ufikicmcb folder moved successfully.
C:\Documents and Settings\Patrick\Local Settings\Application Data\praliayah folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 587748 bytes
->Temporary Internet Files folder emptied: 798397 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Patrick
->Temp folder emptied: 74470448 bytes
->Temporary Internet Files folder emptied: 449239365 bytes
->Java cache emptied: 60401875 bytes
->FireFox cache emptied: 44855027 bytes
->Google Chrome cache emptied: 6934549 bytes
->Flash cache emptied: 33004 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2128586 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13988352 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 623,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08262010_132710

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
sergeK
 
Posts: 171
Joined: 20 Jan 2008, 00:20

Post by sergeK » 29 Aug 2010, 02:13

and the OTL.txt

OTL logfile created on: 26/08/2010 13:30:45 - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Patrick\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 640,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 143,63 Gb Free Space | 48,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMPERES-9750556
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
PRC - [2010/07/24 13:52:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/13 20:14:24 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2009/10/15 10:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/08/27 17:05:04 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/27 17:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/11/13 18:57:04 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 18:57:02 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2006/03/06 19:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/20 21:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2006/02/07 07:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2003/06/23 09:41:54 | 000,083,264 | R--- | M] () -- C:\WINDOWS\NsUpdate.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
MOD - [2006/03/02 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/03/02 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/27 17:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/02/20 21:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - [2007/03/01 11:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/12 04:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/31 00:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/18 02:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/09/27 09:04:16 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/27 09:04:12 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/03 02:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/15 05:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/11 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/22 18:05:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 13:52:40 | 000,000,000 | ---D | M]

[2010/05/06 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2009/09/16 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/08/26 05:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\v7pjsid2.default\extensions
[2010/06/29 14:35:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\v7pjsid2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/06 15:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/03/02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL ()
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sudoku] File not found
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [Sudoku] File not found
O4 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/26 09:52:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 13:27:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/26 07:26:59 | 001,207,120 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureau\TDSSKiller.exe
[2010/08/26 07:13:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/26 07:13:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/26 07:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/26 04:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/26 03:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/26 03:57:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureau\erunt-setup.exe
[2010/08/26 03:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
[2010/08/26 03:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 03:18:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureau\mbam-setup.exe
[2010/08/26 03:16:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
[2010/08/24 16:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/21 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\YesMessenger
[2010/08/15 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Symantec Shared
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/15 16:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/08/15 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/15 16:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/15 01:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\Downloads
[2010/08/15 01:53:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patrick\Mes documents\Mes vidéos
[2010/08/15 01:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\DivX
[2010/08/15 01:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\DivX Movies
[2010/08/15 01:53:36 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/08/15 01:53:36 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/08/15 01:53:36 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/08/15 01:53:36 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/08/15 01:53:36 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/08/15 01:53:36 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/08/15 01:53:36 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/08/15 01:53:36 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/08/15 01:53:36 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/08/15 01:53:36 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/08/15 01:53:36 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/08/15 01:53:36 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/08/15 01:53:36 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/08/15 01:53:36 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/08/15 01:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/08/15 01:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/15 01:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/08/04 16:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mes documents\Mes fichiers reçus
[2010/07/30 18:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/07/30 18:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DirectX
[2010/07/30 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2006/02/20 21:44:44 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2006/02/20 21:36:06 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2006/02/20 21:24:30 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2006/02/20 21:23:16 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2006/02/20 21:22:16 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2006/02/20 21:21:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2006/02/20 21:21:12 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2006/02/20 21:15:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2006/02/20 21:06:52 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2006/02/20 21:03:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll

========== Files - Modified Within 30 Days ==========

[2010/08/27 08:54:52 | 001,207,120 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureau\TDSSKiller.exe
[2010/08/26 17:17:07 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.exe
[2010/08/26 17:16:57 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.com
[2010/08/26 17:16:42 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr
[2010/08/26 13:30:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1614895754-839522115-1004UA.job
[2010/08/26 13:28:33 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/26 13:28:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/26 13:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 13:27:50 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Patrick\NTUSER.DAT
[2010/08/26 13:27:50 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Patrick\ntuser.ini
[2010/08/26 07:13:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/26 03:58:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\NTREGOPT.lnk
[2010/08/26 03:58:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\ERUNT.lnk
[2010/08/25 18:34:23 | 004,322,716 | -H-- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2010/08/25 00:30:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1614895754-839522115-1004Core.job
[2010/08/24 23:15:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureau\erunt-setup.exe
[2010/08/24 23:10:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureau\mbam-setup.exe
[2010/08/24 23:08:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe
[2010/08/24 21:39:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/24 16:26:44 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Patrick.job
[2010/08/22 06:29:21 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 11:35:03 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\UFO Extraterrestrials.lnk
[2010/08/18 11:34:25 | 000,000,251 | ---- | M] () -- C:\WINDOWS\Frog_Man.iix
[2010/08/17 13:15:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 16:33:16 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Norton Security Scan.lnk
[2010/08/15 16:33:15 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/15 01:53:52 | 000,001,483 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\DivX Movies.lnk
[2010/08/15 01:53:44 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/08/15 01:53:33 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/07/30 18:32:22 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\NFS Underground.lnk

========== Files Created - No Company Name ==========

[2010/08/26 07:13:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/26 03:58:39 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\NTREGOPT.lnk
[2010/08/26 03:58:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\ERUNT.lnk
[2010/08/26 03:04:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr
[2010/08/26 03:04:58 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.exe
[2010/08/26 03:04:57 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.com
[2010/08/15 16:33:17 | 000,000,478 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Patrick.job
[2010/08/15 16:33:16 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Norton Security Scan.lnk
[2010/08/15 16:33:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/15 01:53:52 | 000,001,483 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\DivX Movies.lnk
[2010/08/15 01:53:44 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/08/15 01:53:33 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/07/30 18:32:22 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\NFS Underground.lnk
[2010/06/30 17:32:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2010/05/06 23:46:36 | 000,076,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/22 18:31:10 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2010/03/15 22:32:15 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/03/15 22:32:15 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/09/19 18:11:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll
[2009/09/16 09:31:10 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 15:17:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
[2009/08/27 17:21:01 | 000,000,325 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2009/08/27 16:24:59 | 000,193,024 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2009/08/27 16:24:58 | 000,078,922 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2009/08/27 16:13:09 | 000,504,320 | ---- | C] () -- C:\WINDOWS\System32\ApiInt30.dll
[2009/08/27 16:13:09 | 000,478,208 | ---- | C] () -- C:\WINDOWS\System32\ApiSMS.dll
[2009/08/27 16:13:08 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/08/27 16:13:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/08/27 16:13:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Dlsbar32.dll
[2009/08/27 16:13:08 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2009/08/27 16:13:08 | 000,060,848 | ---- | C] () -- C:\WINDOWS\System32\Dlsbar2.dll
[2009/08/27 16:13:07 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\ApiOleSocket.dll
[2009/08/27 16:13:05 | 000,755,712 | ---- | C] () -- C:\WINDOWS\System32\ApiRes.dll
[2009/08/27 16:05:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/08/27 16:05:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2009/08/27 16:03:38 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2009/08/27 16:02:39 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2009/08/27 15:21:56 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/26 15:48:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/26 10:52:14 | 000,014,696 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/26 10:44:11 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/26 09:58:13 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/26 09:57:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/10/31 00:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 00:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 00:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 00:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 00:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 00:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 00:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/06 19:52:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2006/03/06 19:51:28 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2006/03/02 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/01/26 00:11:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2005/07/08 10:11:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2004/08/09 09:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >


what can I say... thank you? :D
sergeK
 
Posts: 171
Joined: 20 Jan 2008, 00:20
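
The report above is raw OTL output. As an added example (not part of the original post, and not OTL's own code), the following Python script parses the `[date | size | attrs | C/M] (company) -- path` entries that make up OTL's "Files/Folders - Created", "Files - Modified" and "Files Created - No Company Name" sections, then applies the triage a log reader does by hand: recent executables with no publisher string, executables carrying hidden/system attributes, and drops under System32. The sample lines are constructed: seven mirror entries visible in the log, the last one (`constructed_example.sys`) is invented to exercise the attribute rule. The report date (2010-08-27) and the 30-day window are assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Tuple

# Constructed sample in the shape of OTL file/folder entries. The first seven
# lines mirror entries from the log above; the last one is invented to
# exercise the hidden/system-attribute rule.
SAMPLE_OTL_LINES = [
    r"[2010/08/26 07:13:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys",
    r"[2010/08/26 13:27:10 | 000,000,000 | ---D | C] -- C:\_OTL",
    r"[2010/08/26 03:04:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\rkill.scr",
    r"[2010/08/22 06:29:21 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini",
    r"[2009/09/19 18:11:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll",
    r"[2006/02/20 21:44:44 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll",
    r"[2010/08/26 13:28:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT",
    r"[2010/08/20 02:11:05 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\drivers\constructed_example.sys",
]

# One OTL entry: "[YYYY/MM/DD hh:mm:ss | size | RHSD | C|M] (company) -- path [-- [ NTFS ]]".
# The "(company)" group is optional; OTL prints "()" or "( )" when the file has none.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx", ".pif"}
SYSTEM32 = "c:\\windows\\system32\\"
REPORT_DATE = datetime(2010, 8, 27)  # assumed date of the report above


@dataclass
class OtlEntry:
    when: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    event: str              # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed "()" / "( )" or nothing
    path: str


def parse_otl(lines: Iterable[str]) -> List[OtlEntry]:
    """Parse file/folder entries; headers, blanks and O-lines are skipped."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")  # attribute positions are R, H, S, D
        company = (m.group("company") or "").strip() or None
        out.append(OtlEntry(
            when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            readonly=attrs[0] == "R",
            hidden=attrs[1] == "H",
            system=attrs[2] == "S",
            is_dir=attrs[3] == "D",
            event=m.group("event"),
            company=company,
            path=m.group("path"),
        ))
    return out


def triage(entries: Iterable[OtlEntry], report_date: datetime,
           window_days: int = 30) -> List[Tuple[OtlEntry, List[str]]]:
    """Return (entry, reasons) for recent executables worth a second look."""
    cutoff = report_date - timedelta(days=window_days)
    flagged = []
    for e in entries:
        if e.is_dir or e.when < cutoff:
            continue
        ext = ntpath.splitext(e.path)[1].lower()
        if ext not in EXEC_EXT:
            continue
        reasons = []
        if e.company is None:
            reasons.append("executable without publisher string")
        if e.hidden or e.system:
            reasons.append("hidden/system attribute on executable")
        if not reasons:
            continue
        if e.path.lower().startswith(SYSTEM32):
            reasons.append("written under System32")
        flagged.append((e, reasons))
    return flagged


def triage_sample() -> List[Tuple[OtlEntry, List[str]]]:
    """Run the triage over the constructed sample with the assumed report date."""
    return triage(parse_otl(SAMPLE_OTL_LINES), REPORT_DATE)


if __name__ == "__main__":
    for entry, why in triage_sample():
        print(f"{entry.when:%Y-%m-%d} {entry.path}\n    " + "; ".join(why))
```

Run it and the two hits are `rkill.scr` (no publisher string) and the invented `constructed_example.sys` (no publisher string, hidden/system attributes, under System32). A hit is a prompt to check, not a verdict: the log shows `rkill.scr` beside `rkill.exe` and `rkill.com` on the user's desktop, consistent with a tool the user ran, and signed Malwarebytes drivers pass the filter even though they too landed in System32 within the window. Entries older than the window (the 2006 and 2009 Lexmark and `cute2mon2k.dll` lines) are deliberately skipped; OTL lists them because of their on-disk timestamps, and the point of the filter is to surface what changed around the time of the symptoms.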