Continuation of the U36vrsflg6 problem


Forum rules
Assiste.com has suspended its malware-removal assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware: Anti-malware decontamination
Decontamination procedure 2 - Anti-malware and antivirus (La Manip): La Manip - Standard decontamination procedure
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy


Post by lolorob » 17 Nov 2010, 12:07

Right, here are the requested reports:

The Malwarebytes one:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5132

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/11/2010 10:16:48
mbam-log-2010-11-17 (10-16-48).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 171073
Temps écoulé: 12 minute(s), 59 seconde(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
C:\Documents and Settings\kine\Local Settings\Temp\Adn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Afetib.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mntk1k67yo (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Afetib.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adu.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adv.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adw.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adx.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Ady.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adz.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\m7wQMNIa.exe.part (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\sshnas21.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\_PmzfYS9.exe.part (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Ad0.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Ad1.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Ad2.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adj.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adk.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adl.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Ado.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adp.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adq.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adr.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Ads.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\kine\Local Settings\Temp\Adt.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Afetia.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.


I'll send the rest next.
lolorob

Posts: 86
Joined: 16 Jan 2007, 12:55

Post by lolorob » 17 Nov 2010, 12:09

Next, OTL.txt:

OTL logfile created on: 17/11/2010 10:32:12 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\kine\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

503,00 Mb Total Physical Memory | 186,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 52,78 Gb Free Space | 70,83% Space Free | Partition Type: NTFS

Computer Name: PKINE | User Name: kine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
PRC - [2010/11/15 14:26:54 | 000,208,896 | ---- | M] (Opera Software) -- C:\WINDOWS\Afetib.exe
PRC - [2010/11/15 14:22:40 | 000,204,800 | ---- | M] (Opera Software) -- C:\Documents and Settings\kine\Local Settings\Temp\Adn.exe
PRC - [2010/11/15 14:22:35 | 000,204,800 | ---- | M] (Opera Software) -- C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe
PRC - [2009/09/22 17:15:44 | 000,125,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/22 17:15:08 | 000,120,104 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/22 17:14:50 | 001,987,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/22 17:14:12 | 000,031,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 13:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2008/10/20 11:50:07 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2008/07/22 19:42:12 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 03:33:36 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 03:33:35 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 03:33:35 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 03:33:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 03:33:23 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 03:33:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/15 14:22:24 | 000,258,048 | ---- | M] (Opera Software) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2009/09/22 17:15:08 | 000,120,104 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/22 17:14:50 | 001,987,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/22 17:14:12 | 000,031,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/05/12 15:45:35 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 15:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/07/22 19:42:12 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\kine\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/15 08:53:16 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20101113.003\navex15.sys -- (NAVEX15)
DRV - [2010/11/15 08:53:12 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20101113.003\naveng.sys -- (NAVENG)
DRV - [2010/05/31 07:55:37 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/31 07:55:37 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/09 10:08:11 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/14 10:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 10:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 15:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/12/17 15:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/11/16 14:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/02/04 10:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/05/08 19:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel(r) 82801 (WDM)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/20 11:50:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 07:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 07:45:55 | 000,000,000 | ---D | M]

[2008/08/26 08:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\Mozilla\Extensions
[2010/11/17 09:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\Mozilla\Firefox\Profiles\2j1ub01t.default\extensions
[2010/10/08 14:33:30 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\kine\Application Data\Mozilla\Firefox\Profiles\2j1ub01t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/11/17 09:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 08:33:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/05 12:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/07/16 08:11:44 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/16 08:11:44 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2008/06/19 17:53:24 | 000,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
[2010/07/16 08:11:44 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/09/30 14:16:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/16 08:11:45 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/16 08:11:45 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 03:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130..\Run: [MNTK1K67YO] C:\WINDOWS\Afetib.exe (Opera Software)
O4 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130..\Run: [U36VRSFLG6] C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe (Opera Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\kine\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rva.intranet
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\kine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bdb03384-de67-11dd-9288-000ffe3fcf10}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Opera Software)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 09:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/17 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/17 09:37:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
[2010/11/16 10:40:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/16 10:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/16 10:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 16:34:45 | 000,208,896 | ---- | C] (Opera Software) -- C:\WINDOWS\Afetib.exe
[2010/11/15 16:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kine\Application Data\PriceGong
[2010/11/15 14:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine
[2010/11/15 14:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/15 14:22:47 | 000,208,896 | ---- | C] (Opera Software) -- C:\WINDOWS\Afetia.exe
[2010/11/15 14:22:24 | 000,258,048 | ---- | C] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll
[2010/11/05 17:51:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kine\Recent
[2010/10/27 09:43:42 | 000,000,000 | ---D | C] -- \\serveur\Bureautique\MEDICAL\Aides Techniques
[2008/10/21 13:15:14 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 11:32:18 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/17 10:44:40 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/17 09:50:49 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\kine\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/17 09:50:32 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\NTREGOPT.lnk
[2010/11/17 09:50:32 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\ERUNT.lnk
[2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
[2010/11/16 10:40:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/16 10:36:36 | 000,445,016 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/16 10:36:35 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/16 10:36:35 | 000,063,614 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/16 10:36:35 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/16 10:34:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/11/16 10:33:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 10:32:50 | 000,000,082 | ---- | M] () -- C:\WINDOWS\bureau
[2010/11/16 10:32:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 10:32:26 | 527,962,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 14:26:54 | 000,208,896 | ---- | M] (Opera Software) -- C:\WINDOWS\Afetib.exe
[2010/11/15 14:22:33 | 000,208,896 | ---- | M] (Opera Software) -- C:\WINDOWS\Afetia.exe
[2010/11/15 14:22:24 | 000,258,048 | ---- | M] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll
[2010/11/15 13:03:28 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\Word.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 09:50:49 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\kine\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/17 09:50:32 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\kine\Bureau\NTREGOPT.lnk
[2010/11/17 09:50:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\kine\Bureau\ERUNT.lnk
[2010/11/17 03:18:47 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/16 10:40:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/15 14:22:39 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/29 14:48:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/08/31 14:22:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/05 18:45:44 | 000,010,392 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/25 13:07:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vidalhelper.dll
[2007/11/16 12:34:05 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/14 14:08:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/07/26 12:30:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/26 12:30:42 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/06/27 13:14:26 | 001,683,871 | ---- | C] () -- C:\Program Files\pf-setup.exe
[2006/06/27 12:00:34 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\kine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/26 14:56:51 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/06/22 16:18:43 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/22 16:12:10 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\kine\Local Settings\Application Data\fusioncache.dat
[2006/04/25 02:07:42 | 000,000,854 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/24 17:28:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/24 17:19:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/24 17:19:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/24 17:19:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/24 17:19:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/24 17:19:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/24 17:19:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/24 17:18:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 04:25:10 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/07/16 07:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/06/26 14:56:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/10/10 15:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/11/16 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/09 10:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/06/28 14:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\InterVideo
[2009/03/26 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\Podmailing
[2010/11/17 06:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\PriceGong
[2010/11/17 10:44:40 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/17 11:32:18 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 08:00:00 | 018,779,217 | R--- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/05 03:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/09 11:43:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/09 11:43:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 08:00:00 | 018,779,217 | R--- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/05 03:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/09 11:43:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/09 11:43:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

<MD5>
[2004/08/05 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 03:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/09/10 06:50:13 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

<End>
lolorob
 
Posts: 86
Joined: 16 Jan 2007, 12:55

Post by lolorob » 17 Nov 2010, 12:11

and finally Extras.txt


OTL Extras logfile created on: 17/11/2010 10:32:12 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\kine\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

503,00 Mb Total Physical Memory | 186,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 52,78 Gb Free Space | 70,83% Space Free | Partition Type: NTFS

Computer Name: PKINE | User Name: kine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Program Files\Podmailing\podmailing.exe" = C:\Program Files\Podmailing\podmailing.exe:*:Enabled:Podmailing Beta -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0004040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 CD-ROM 2
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9113040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9F91B6C4-E892-4978-A571-B5A32BC2082C}" = Symantec AntiVirus
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}" = HP Safety and Comfort Guide
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoFiltre" = PhotoFiltre
"RealPlayer 6.0" = RealPlayer
"Software Setup" = Software Setup
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/11/2010 12:22:04 | Computer Name = PKINE | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office 2000 Professional -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Professional. Le programme
d'installation de Windows ne peut pas continuer.

Error - 16/11/2010 04:41:47 | Computer Name = PKINE | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office 2000 Professional -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Professional. Le programme
d'installation de Windows ne peut pas continuer.

Error - 16/11/2010 04:42:55 | Computer Name = PKINE | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office 2000 Professional -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Professional. Le programme
d'installation de Windows ne peut pas continuer.

Error - 16/11/2010 23:26:57 | Computer Name = PKINE | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office 2000 Professional -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Professional. Le programme
d'installation de Windows ne peut pas continuer.

Error - 17/11/2010 04:40:13 | Computer Name = PKINE | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3951, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/11/2010 04:40:23 | Computer Name = PKINE | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3951, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/11/2010 04:40:23 | Computer Name = PKINE | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3951, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/11/2010 05:01:15 | Computer Name = PKINE | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.46.0.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/11/2010 05:29:32 | Computer Name = PKINE | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3951, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/11/2010 06:47:05 | Computer Name = PKINE | Source = Application Error | ID = 1000
Description = Application défaillante adm.exe, version 7.117.757.0, module défaillant
adm.exe, version 7.117.757.0, adresse de défaillance 0x0000f5e0.

[ System Events ]
Error - 11/08/2010 09:48:30 | Computer Name = PKINE | Source = Print | ID = 6161
Description = Impossible d'imprimer le document La kora appartenant à kine sur l'imprimante
Canon iP4200 (Copie 1). Type de données : NT EMF 1.008. Taille du fichier spoule
en octets : 5084300. Nombre d'octets imprimés : 3456328. Nombre de pages dans le
document : 8. Nombre de pages imprimées : 0. Ordinateur client : \\PKINE. Le code
d'erreur Win32 renvoyé par le processeur d'impression était : 0 (0x0).

Error - 20/09/2010 05:49:15 | Computer Name = PKINE | Source = Print | ID = 6161
Description = Impossible d'imprimer le document 2-4-semaine du 13 au 19-9-10.xls
appartenant à kine sur l'imprimante Canon iP4200 (Copie 1). Type de données : NT
EMF 1.008. Taille du fichier spoule en octets : 458752. Nombre d'octets imprimés
: 411020. Nombre de pages dans le document : 19. Nombre de pages imprimées : 0.
Ordinateur client : \\PKINE. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 13 (0xd).

Error - 21/09/2010 09:21:02 | Computer Name = PKINE | Source = Print | ID = 6161
Description = Impossible d'imprimer le document C:\DOCUME~1\kine\LOCALS~1\Temp\24762.pdf
appartenant à kine sur l'imprimante Canon iP4200 (Copie 1). Type de données : NT
EMF 1.008. Taille du fichier spoule en octets : 36920740. Nombre d'octets imprimés
: 28328432. Nombre de pages dans le document : 2. Nombre de pages imprimées : 0.
Ordinateur client : \\PKINE. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 8 (0x8).

Error - 29/09/2010 09:38:20 | Computer Name = PKINE | Source = Print | ID = 6161
Description = Impossible d'imprimer le document Microsoft Word - DESVERGNE Boris.doc
appartenant à kine sur l'imprimante Canon iP4200 (Copie 1). Type de données : NT
EMF 1.008. Taille du fichier spoule en octets : 166832. Nombre d'octets imprimés
: 40592. Nombre de pages dans le document : 4. Nombre de pages imprimées : 0. Ordinateur
client : \\PKINE. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 13 (0xd).

Error - 29/09/2010 09:38:46 | Computer Name = PKINE | Source = Print | ID = 6161
Description = Impossible d'imprimer le document Microsoft Word - DESVERGNE Boris.doc
appartenant à kine sur l'imprimante Canon iP4200 (Copie 1). Type de données : NT
EMF 1.008. Taille du fichier spoule en octets : 166832. Nombre d'octets imprimés
: 31532. Nombre de pages dans le document : 4. Nombre de pages imprimées : 0. Ordinateur
client : \\PKINE. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 13 (0xd).

Error - 09/11/2010 04:57:26 | Computer Name = PKINE | Source = Print | ID = 6161
Description = Impossible d'imprimer le document Microsoft Word - LISTE Cadhoc noel
2010.doc appartenant à kine sur l'imprimante Canon iP4200 (Copie 1). Type de données
: NT EMF 1.008. Taille du fichier spoule en octets : 419432. Nombre d'octets imprimés
: 196932. Nombre de pages dans le document : 2. Nombre de pages imprimées : 0.
Ordinateur client : \\PKINE. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 6 (0x6).

Error - 16/11/2010 06:23:17 | Computer Name = PKINE | Source = DCOM | ID = 10010
Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>



There, I think that's everything.
Thanks in advance
lolorob
 
Posts: 86
Joined: 16 Jan 2007, 12:55

Post by nickW » 19 Nov 2010, 00:25

Good evening,

First cleanup steps:


Step 1: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill via a right-click followed by Save link target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 2: OTL (by OldTimer), preparing the fix
Open a Notepad window via Start---->Run, type notepad then click OK

Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:otl
SRV - [2010/11/15 14:22:24 | 000,258,048 | ---- | M] (Opera Software) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130..\Run: [MNTK1K67YO] C:\WINDOWS\Afetib.exe (Opera Software)
O4 - HKU\S-1-5-21-2737289284-4215095796-1596818785-1130..\Run: [U36VRSFLG6] C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe (Opera Software)
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Opera Software)

:Files
C:\WINDOWS\Afeti?.exe
C:\Documents and Settings\kine\Local Settings\Temp\Ad?.exe
C:\WINDOWS\system32\sshnas21.dll
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Program Files\ConduitEngine
C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code box above were created exclusively for THIS user: lolorob.
If you are not THIS user, you must not use them: they could damage your system.



Step 3: No real-time protection process
Disable the antivirus's resident module.
Norton Antivirus: right-click the icon in the system tray (next to the clock), choose "Disable Auto-Protect"


Step 4: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
At the end of execution, save the rkill.log file

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to launch it.

If none of the five downloaded tools seems to work, do not continue the cleanup, and let me know on the forum.

Do not restart the PC.


Step 5: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware via the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for updates button and install all updates found.
In the Scan tab, select the radio button in front of "Perform quick scan" then click the Scan button.

Wait, doing nothing else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If malicious items were detected, click the "Remove selected" button.

Wait patiently, doing nothing else, for the cleanup to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


A malfunction of free's servers and/or the forum's prevents me from sending "large" messages. The rest is therefore in the next message.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
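As an added example (not part of this thread, nor OTL's own code), a small Python triage script for the OTL "Files Created/Modified" line format that flags the three kinds of entries the fix above targets: a recent executable dropped straight into %SystemRoot% or System32, an executable living in a Temp folder, and a hidden GUID-named .job task. The sample lines are copied from the OTL log posted above, except the Adm.exe line, which is constructed to match its O4 Run entry; the scan time comes from the Extras.txt header.

```python
"""Triage helper for OTL 'Files Created/Modified Within 30 Days' lines.

Added example, not part of the thread or of OTL itself.  It flags the
three patterns the helper's fix targets on this page: a recent executable
dropped directly into %SystemRoot% or System32, an executable living in a
Temp folder, and a hidden scheduled task with a GUID file name.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# One OTL file line: [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (Company) -- path
# Directory lines carry no "(Company)" part, files without one show "()".
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# GUID-named .job file under a \tasks\ folder (case-insensitive)
GUID_JOB = re.compile(
    r"\\tasks\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")

# Scan time taken from the Extras.txt header on this page.
SCAN_TIME = datetime(2010, 11, 17, 10, 32, 12)

# Sample input: lines copied from the OTL log on this page, plus one
# constructed line for Adm.exe (the log lists it only as an O4 Run entry).
SAMPLE_LOG = r"""
[2010/11/15 14:22:47 | 000,208,896 | ---- | C] (Opera Software) -- C:\WINDOWS\Afetia.exe
[2010/11/15 14:22:24 | 000,258,048 | ---- | C] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll
[2010/11/17 03:18:47 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
[2008/10/21 13:15:14 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2010/11/15 14:22:47 | 000,208,896 | ---- | C] (Opera Software) -- C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str
    kind: str  # C = created, M = modified
    company: str
    path: str


class Finding(NamedTuple):
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for headers and other line types."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def triage(lines, scan_time: datetime, window_days: int = 30) -> List[Finding]:
    """Return the entries matching one of the three heuristics, in input order."""
    cutoff = scan_time - timedelta(days=window_days)
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        low = e.path.lower()
        parent = low.rsplit("\\", 1)[0]
        is_exec = low.endswith(EXEC_EXT)
        if is_exec and e.ts >= cutoff and parent in SYSTEM_DIRS:
            # Legitimate installers rarely drop loose binaries in these roots.
            findings.append(Finding(e.path, "recent executable dropped directly in a system directory"))
        elif is_exec and "\\temp\\" in low:
            findings.append(Finding(e.path, "executable located in a Temp folder"))
        elif "H" in e.attrs and GUID_JOB.search(e.path):
            findings.append(Finding(e.path, "hidden GUID-named scheduled task"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print(f"{f.reason}: {f.path}")
```

Run on the sample it reports Afetia.exe, sshnas21.dll, the hidden .job and Adm.exe, and stays silent on OTL.exe (recent, but on the Desktop) and on the 2008 RealNetworks DLL.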

Post by nickW » 19 Nov 2010, 00:26

A malfunction of free's servers and/or the forum's prevents me from sending "large" messages. This is the continuation of the previous message.


Step 6: No real-time protection process
If the PC restarted, and if the antivirus was re-enabled, it must be disabled again.


Step 7: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

OTL's main screen appears.

Click the Run Fix button.

A small "OTL" window opens.

Click the Ok button.

From the new "Open" window, navigate to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are thus inserted into the "Custom Scans/Fixes" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Fix complete! Click Ok to open the log.". Click Ok, then close OTL.


Step 8: Real-time protection process
Important: Re-enable the antivirus's resident module.


Step 9: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

OTL's main screen appears.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 10: Results
Send in reply:
*- the rkill report (contents of the file rkill.log located in the folder %SystemDrive%\)
[%SystemDrive% stands for the partition on which the system is installed, usually C:]
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% stands for the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder %SystemDrive%\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where <tonprofil> is your profile name and ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mm-ss])
[%SystemDrive% stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: to send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator
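The reports requested in step 10 have fixed locations and name patterns, and the main OTL report has its own completeness check (the <End> line). The Python helper below is an added example for this thread, not part of nickW's procedure and not code from OTL, rkill or Malwarebytes: it builds those paths from the profile name, recovers the run time from an OTL fix log name, checks that OTL.txt is complete, and cuts it at line boundaries into pieces that fit one post. The 10000-character post limit and the "Bureau" Desktop folder name (the French XP Desktop, as seen in the OTL log posted later in the thread) are assumptions and are parameters.

```python
"""Step 10 helper: build the paths of the requested reports, check that the
main OTL report is complete, and cut it into forum-sized pieces.

Added example for this thread, not code from OTL, rkill, Malwarebytes or
Assiste.com. File name patterns follow step 10 and the logs posted later in
the thread; the post size limit and the "Bureau" desktop folder name are
assumptions (parameters below).
"""
import ntpath
import re
from datetime import datetime


def report_locations(profile, system_drive="C:", desktop="Bureau"):
    """Glob pattern (Windows XP layout) of each report requested in step 10.

    `desktop` is the Desktop folder name, "Bureau" on a French XP as seen in
    this thread's OTL log ("Folder = C:\\Documents and Settings\\kine\\Bureau").
    """
    root = system_drive + "\\"
    profile_dir = ntpath.join(root, "Documents and Settings", profile)
    return {
        "rkill": ntpath.join(root, "rkill.log"),
        # OTL fix log: _OTL\MovedFiles\MMDDYYYY_HHMMSS.log
        "otl_fix": ntpath.join(root, "_OTL", "MovedFiles", "????????_??????.log"),
        # MBAM log: mbam-log-YYYY-MM-DD (HH-MM-SS).txt in the profile's Logs folder
        "mbam": ntpath.join(profile_dir, "Application Data", "Malwarebytes",
                            "Malwarebytes' Anti-Malware", "Logs",
                            "mbam-log-????-??-?? (??-??-??).txt"),
        # main OTL report, written next to OTL.exe on the Desktop
        "otl_main": ntpath.join(profile_dir, desktop, "OTL.txt"),
    }


def otl_fix_log_name(when):
    """File name of the OTL fix log for a run at `when`: MMDDYYYY_HHMMSS.log."""
    return when.strftime("%m%d%Y_%H%M%S") + ".log"


def parse_otl_fix_log_name(name):
    """Recover the run date and time from an OTL fix log name, or None."""
    m = re.fullmatch(r"(\d{8})_(\d{6})\.log", name)
    if m is None:
        return None
    return datetime.strptime(m.group(1) + m.group(2), "%m%d%Y%H%M%S")


def mbam_log_name(when):
    """File name of the Malwarebytes log for a scan at `when`."""
    return when.strftime("mbam-log-%Y-%m-%d (%H-%M-%S).txt")


def otl_report_complete(text):
    """OTL.txt is complete only if its last non-empty line contains <End>."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return bool(lines) and "<End>" in lines[-1]


def split_report(text, max_chars=10000):
    """Cut a report into pieces of at most `max_chars` characters, breaking
    only between lines so that no log line is split across two posts."""
    pieces, current, size = [], [], 0
    for line in text.splitlines(keepends=True):
        if current and size + len(line) > max_chars:
            pieces.append("".join(current))
            current, size = [], 0
        current.append(line)
        size += len(line)
    if current:
        pieces.append("".join(current))
    return pieces


if __name__ == "__main__":
    # Constructed stand-in for an OTL.txt; a real one ends with the <End> line.
    sample = ("OTL logfile created on: 19/11/2010 10:10:45 - Run 2\n"
              "========== Processes (SafeList) ==========\n" + "X" * 30 + "\n<End>\n")
    for name, pattern in report_locations("kine").items():
        print(name, "->", pattern)
    print("complete:", otl_report_complete(sample))
    print("pieces:", len(split_report(sample, max_chars=60)))
```

Splitting only between lines matters for the helper reading the report: a detection line cut in half across two posts is easy to misread as two entries, and the <End> check tells the poster before posting whether the copy was truncated.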

Post by lolorob » 19 Nov 2010, 10:21

Hello,

I am sending you the various reports requested:

the rkill one:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as kine on 19/11/2010 at 9:37:08.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\DOCUME~1\kine\LOCALS~1\Temp\Adm.exe
C:\Documents and Settings\kine\Bureau\rkill.scr


Rkill completed on 19/11/2010 at 9:37:12.



the OTL fix one:

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
File C:\WINDOWS\system32\sshnas21.dll not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2737289284-4215095796-1596818785-1130\Software\Microsoft\Windows\CurrentVersion\Run\\MNTK1K67YO not found.
File C:\WINDOWS\Afetib.exe not found.
Registry value HKEY_USERS\S-1-5-21-2737289284-4215095796-1596818785-1130\Software\Microsoft\Windows\CurrentVersion\Run\\U36VRSFLG6 not found.
File C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe not found.
SSHNAS removed from NetSvcs value successfully!
File C:\WINDOWS\system32\sshnas21.dll not found.
========== FILES ==========
File\Folder C:\WINDOWS\Afeti?.exe not found.
File\Folder C:\Documents and Settings\kine\Local Settings\Temp\Ad?.exe not found.
File\Folder C:\WINDOWS\system32\sshnas21.dll not found.
File\Folder C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
File\Folder C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
C:\Program Files\ConduitEngine folder moved successfully.
C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine\MyStuffApps folder moved successfully.
C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine\Logs folder moved successfully.
C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine\ExternalComponent folder moved successfully.
C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine\CacheIcons folder moved successfully.
C:\Documents and Settings\kine\Local Settings\Application Data\ConduitEngine folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 3152897 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrateur.RVA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: kine
->Temp folder emptied: 10484538 bytes
->Temporary Internet Files folder emptied: 83815029 bytes
->Java cache emptied: 3662 bytes
->FireFox cache emptied: 50966351 bytes
->Flash cache emptied: 14034 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 4532736 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16869 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13829536 bytes

Total Files Cleaned = 161,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11192010_100540

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\kine\Local Settings\Temp\récépissé d'envoi en recommandé avec AR de Mr HOSTEKIND.jpg not found!

Registry entries deleted on Reboot...


the Malwarebytes one:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5150

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/11/2010 09:57:10
mbam-log-2010-11-19 (09-57-10).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 161233
Temps écoulé: 8 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
C:\WINDOWS\Afetib.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MNTK1K67YO (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mntk1k67yo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Afetib.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kine\Local Settings\Temp\Adm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kine\Local Settings\Temp\sshnas21.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kine\Local Settings\Temp\_PmzfYS9.exe.part (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kine\Local Settings\Temp\m7wQMNIa.exe.part (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Afetia.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


continued in the next message
lolorob
Posts: 86
Joined: 16 Jan 2007, 12:55
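The two Malwarebytes reports in this thread differ in their action column: the first scan (posted earlier) ended in "No action taken" for every detection, while this one ends in "Quarantined and deleted successfully" except for sshnas21.dll, which is marked "Delete on reboot". Reading that column is what decides whether the PC still needs a reboot and a new scan. The Python parser below is an added example, not Malwarebytes code: it follows the layout of the 1.46 logs quoted in this thread, and its sample input is constructed from lines of the two reports posted here. It also compares the summary counts with the entries actually listed, which catches a report truncated when pasted into the forum.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.46 logs like the two in this
thread: parse the detections, report which ones are still pending (a reboot
or a rescan is needed) and check the summary counts against the listed
entries. Added example, not Malwarebytes code; the sample log below is
constructed from lines of the reports posted in this thread.
"""
import re
from collections import Counter

# One detection line: "<item> (<family>) -> <action>."  The family is the
# last parenthesised token before the arrow, so a registry path that itself
# contains "(" still parses.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary line: "Fichier(s) infecté(s): 9"
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<count>\d+)$")

# Actions after which nothing is left to do for that entry. Anything else
# ("No action taken" in the first scan of this thread, "Delete on reboot"
# here) means the detection is still pending.
FINAL_ACTIONS = {"Quarantined and deleted successfully",
                 "Unloaded process successfully"}


def parse_mbam_log(text):
    """Return {"counts": {label: n}, "detections": [(section, item, family, action)]}."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("label")] = int(m.group("count"))
            continue
        if line.endswith(":"):  # section header, e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detections.append((section, m.group("item"), m.group("family"), m.group("action")))
    return {"counts": counts, "detections": detections}


def pending_detections(parsed):
    """Detections whose recorded action did not remove the object."""
    return [d for d in parsed["detections"] if d[3] not in FINAL_ACTIONS]


def count_mismatches(parsed):
    """Sections whose summary count disagrees with the entries listed under them.
    Summary labels are matched on the word "infect" ("infecté(s)" in the French
    logs here, "Infected" in English ones); a mismatch usually means the log was
    truncated when it was pasted into the forum."""
    listed = Counter(d[0] for d in parsed["detections"])
    return {label: (n, listed.get(label, 0))
            for label, n in parsed["counts"].items()
            if "infect" in label.lower() and n != listed.get(label, 0)}


def summarize(text):
    """Triage summary of one log: what was done, what is still pending."""
    parsed = parse_mbam_log(text)
    pending = pending_detections(parsed)
    return {
        "detections": len(parsed["detections"]),
        "by_action": dict(Counter(d[3] for d in parsed["detections"])),
        "pending": [d[1] for d in pending],
        "reboot_needed": any(d[3] == "Delete on reboot" for d in pending),
        "count_mismatches": count_mismatches(parsed),
    }


# Constructed sample: a mix of lines from the two reports in this thread.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5150

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
C:\\WINDOWS\\Afetib.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\\WINDOWS\\system32\\sshnas21.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\ (Hijack.Zones) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\\WINDOWS\\system32\\sshnas21.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\Afetib.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\kine\\Local Settings\\Temp\\Adm.exe (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```

Run on the report above, the helper would flag the two sshnas21.dll entries as pending. The OTL fix log that follows already reports that file as "not found", which is consistent with the deletion having taken place at the reboot; the quick scan of step 9 is what confirms it.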

Post by lolorob » 19 Nov 2010, 10:23

and now the main OTL report:


OTL logfile created on: 19/11/2010 10:10:45 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\kine\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

503,00 Mb Total Physical Memory | 62,00 Mb Available Physical Memory | 12,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 53,05 Gb Free Space | 71,19% Space Free | Partition Type: NTFS

Computer Name: PKINE | User Name: kine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
PRC - [2009/09/22 17:15:44 | 000,125,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/22 17:15:08 | 000,120,104 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/22 17:14:50 | 001,987,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/22 17:14:12 | 000,031,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 13:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2008/10/20 11:50:07 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2008/07/22 19:42:12 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/09/22 17:15:08 | 000,120,104 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/22 17:14:50 | 001,987,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/22 17:14:12 | 000,031,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/05/12 15:45:35 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 15:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/07/22 19:42:12 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\kine\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/15 08:53:16 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20101113.003\navex15.sys -- (NAVEX15)
DRV - [2010/11/15 08:53:12 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20101113.003\naveng.sys -- (NAVENG)
DRV - [2010/05/31 07:55:37 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/31 07:55:37 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/09 10:08:11 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/14 10:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 10:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 15:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/12/17 15:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/11/16 14:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/02/04 10:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/05/08 19:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel(r) 82801 (WDM)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/20 11:50:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 07:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 07:45:55 | 000,000,000 | ---D | M]

[2008/08/26 08:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\Mozilla\Extensions
[2010/11/18 10:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\Mozilla\Firefox\Profiles\2j1ub01t.default\extensions
[2010/10/08 14:33:30 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\kine\Application Data\Mozilla\Firefox\Profiles\2j1ub01t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/11/18 10:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 08:33:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/05 12:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/07/16 08:11:44 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/16 08:11:44 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2008/06/19 17:53:24 | 000,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
[2010/07/16 08:11:44 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/09/30 14:16:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/16 08:11:45 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/16 08:11:45 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 03:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\kine\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rva.intranet
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\kine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bdb03384-de67-11dd-9288-000ffe3fcf10}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 10:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/17 16:08:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kine\IECompatCache
[2010/11/17 09:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/17 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/17 09:37:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
[2010/11/16 10:40:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/16 10:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/16 10:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 16:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kine\Application Data\PriceGong
[2010/11/05 17:51:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kine\Recent
[2010/10/27 09:43:42 | 000,000,000 | ---D | C] -- \\serveur\Bureautique\MEDICAL\Aides Techniques
[2008/10/21 13:15:14 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2010/11/19 10:12:41 | 000,445,016 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/19 10:12:41 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/19 10:12:41 | 000,063,614 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/19 10:12:41 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/19 10:08:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/19 10:08:35 | 000,000,082 | ---- | M] () -- C:\WINDOWS\bureau
[2010/11/19 10:08:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/19 10:08:16 | 527,962,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/19 09:30:14 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\rkill.scr
[2010/11/18 09:14:05 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\Word.lnk
[2010/11/17 09:50:49 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\kine\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/17 09:50:32 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\NTREGOPT.lnk
[2010/11/17 09:50:32 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\kine\Bureau\ERUNT.lnk
[2010/11/17 09:37:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kine\Bureau\OTL.exe
[2010/11/16 10:40:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/16 10:34:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/11/19 09:30:12 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\kine\Bureau\rkill.scr
[2010/11/17 09:50:49 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\kine\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/17 09:50:32 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\kine\Bureau\NTREGOPT.lnk
[2010/11/17 09:50:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\kine\Bureau\ERUNT.lnk
[2010/11/16 10:40:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/10/29 14:48:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/08/31 14:22:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/05 18:45:44 | 000,010,392 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/25 13:07:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vidalhelper.dll
[2007/11/16 12:34:05 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/14 14:08:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/07/26 12:30:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/26 12:30:42 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/06/27 13:14:26 | 001,683,871 | ---- | C] () -- C:\Program Files\pf-setup.exe
[2006/06/27 12:00:34 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\kine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/26 14:56:51 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/06/22 16:18:43 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/22 16:12:10 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\kine\Local Settings\Application Data\fusioncache.dat
[2006/04/25 02:07:42 | 000,000,854 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/24 17:28:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/24 17:19:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/24 17:19:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/24 17:19:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/24 17:19:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/24 17:19:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/24 17:19:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/24 17:18:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 04:25:10 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/07/16 07:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/06/26 14:56:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/10/10 15:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/11/16 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/09 10:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/06/28 14:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\InterVideo
[2009/03/26 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\Podmailing
[2010/11/19 09:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kine\Application Data\PriceGong

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

<End>



There you go, I think I did everything correctly, but I apologise in advance if I missed something...
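An added example, not from the thread or from the OTL tool itself: a small Python parser for the OTL line format in the log above (`[timestamp | size | attributes | C/M] (company) -- path` plus the `@Alternate Data Stream` line). It returns structured entries and lists the recently created or modified files that carry no company name, the entries a helper reads first. The sample lines are constructed from entries of the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample in the OTL format of the log above (backslashes doubled for Python).
SAMPLE = """\
[2010/11/16 10:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbam.sys
[2010/11/16 10:40:44 | 000,000,000 | ---D | C] -- C:\\Program Files\\Malwarebytes' Anti-Malware
[2010/11/19 09:30:12 | 000,364,032 | ---- | C] () -- C:\\Documents and Settings\\kine\\Bureau\\rkill.scr
[2010/11/19 10:08:16 | 527,962,112 | -HS- | M] () -- C:\\hiberfil.sys
@Alternate Data Stream - 95 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:5C321E34
"""

# [timestamp | size | attributes | C/M] (company) -- path ; "(company)" is absent on directories
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

@dataclass
class Entry:
    timestamp: Optional[datetime]  # None for an ADS line, which OTL prints without a date
    size: int                      # bytes; OTL writes it with thousands separators
    attrs: str                     # e.g. "RH-D": R read-only, H hidden, S system, D directory
    kind: str                      # "C" created, "M" modified, "ADS" alternate data stream
    company: Optional[str]         # None when OTL printed "()" or nothing (no version info)
    path: str

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if m:
        return Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                     int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                     m["company"] or None, m["path"])
    m = ADS_RE.match(line)
    if m:
        return Entry(None, int(m["size"]), "----", "ADS", None, m["path"])
    return None  # section headers, blank lines, "<End>"

def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def unsigned_recent_files(entries, since: datetime) -> list:
    """Files (not directories) created or modified at/after `since` with no company name:
    the first entries a helper checks by hand, since the log alone proves nothing."""
    return [e for e in entries if e.kind != "ADS" and e.timestamp >= since
            and "D" not in e.attrs and not e.company]
```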

Post by nickW » 20 Nov 2010, 19:39

Good evening,

After this first clean-up, can you tell me precisely how the PC is behaving?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs

Post by lolorob » 22 Nov 2010, 09:38

Hello,

After this clean-up, the PC seems to be working correctly. No more unwanted windows popping up from the Internet. On the first day, Norton opened a window telling me it had detected a program (but I didn't note it down at the time, and it hasn't reported anything since). That's surprising, because until now Norton had never reported anything, as far as I know!
Otherwise, no more fan running non-stop. On the other hand, the PC is very slow to start up, but it has been like that for a long time.
That's all that comes to mind for now.

Post by nickW » 23 Nov 2010, 00:16

Good evening,

Have you fixed the Microsoft Office 2000 Professional installation problem that was reported on 15 and 16/11?
(Event Viewer messages)

To be continued,
nickW
