Verification request following a Windows crash [solved]

Analysis of OTL, MBAM and other logs - NO HIJACKTHIS here!



Post by polo » 04 10 2010

Hello,

After inserting a USB key infected with Win32/FlyStudio.NQC and using the USBfix tool, my Windows was severely damaged (difficult startup, Firefox and Thunderbird impossible to start, AV disabled). I may have managed to restore it using System Restore and by reinstalling FF and TB.
I would like confirmation that my PC is healthy.
The requested reports:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4739

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/10/2010 14:13:55
mbam-log-2010-10-04 (14-13-55).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 126990
Temps écoulé: 3 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Last edited by polo on 14 11 2010, edited 1 time.
polo
Posts: 236
Joined: 10 09 2005

Post by polo » 04 10 2010

OTL logfile created on: 04/10/2010 14:16:26 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\ADMIN\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 139,93 Gb Free Space | 93,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: P-##
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/04 14:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Bureau\OTL.exe
PRC - [2010/09/27 18:24:28 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2010/09/27 18:24:28 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2010/09/15 01:04:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 01:04:16 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 14:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Bureau\OTL.exe
MOD - [2008/04/13 19:32:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 11:36:48 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\windows\softwaredistribution\download\install\STacSV.exe -- (STacSV)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/27 18:24:28 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)


========== Driver Services (SafeList) ==========

DRV - [2010/09/27 18:24:29 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2010/09/27 18:24:28 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/05 01:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/05 07:49:29 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/04/05 07:47:14 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKU\S-1-5-21-790525478-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-790525478-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.socks_version: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 13:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 12:07:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/04 12:33:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/27 19:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2010/09/27 19:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/04 12:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions
[2010/10/04 12:14:18 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/10/04 12:15:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/04 12:15:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/04 12:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\elemhidehelper@adblockplus.org
[2010/10/04 12:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\firefox@ghostery.com
[2010/10/04 12:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\staged-xpis
[2010/10/04 12:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\tineye@ideeinc.com
[2010/10/04 12:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\extensions\staged-xpis\webaddon3d_assoftware-ch@extensions.assoftware.ch
[2009/11/20 23:17:40 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\searchplugins\geo-ip-tool.xml
[2009/04/10 19:26:10 | 000,001,482 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lohj9mkn.default\searchplugins\ixquick---francais.xml
[2010/09/27 18:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/14 23:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/14 23:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 23:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/14 23:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 23:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/03/02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0408465156 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\tecsoft.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\tecsoft.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/04 10:25:35 | 000,000,000 | -HSD | M] - C:\Autorun(2).inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 12:19:45 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 14:07:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Bureau\OTL.exe
[2010/10/04 12:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Malwarebytes
[2010/10/04 12:19:45 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/10/04 12:17:36 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/10/04 11:49:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2010/10/04 11:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/10/04 11:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/04 10:25:35 | 000,000,000 | -HSD | C] -- C:\Autorun(2).inf
[2010/10/02 21:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\SEAF
[2010/10/02 20:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\WinRAR
[2010/10/02 20:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/02 13:53:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[2010/10/02 13:53:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\Mes documents\Mes vidéos
[2010/10/02 13:06:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/28 05:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Bureau\modération
[2010/09/27 21:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/27 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/09/27 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/09/27 19:50:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/27 19:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Macromedia
[2010/09/27 19:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Adobe
[2010/09/27 19:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Thunderbird
[2010/09/27 19:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Thunderbird
[2010/09/27 19:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/09/27 19:31:56 | 000,000,000 | ---D | C] -- C:\8a53d548a404423ba4d4c4
[2010/09/27 19:18:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/27 19:18:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/27 19:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/27 19:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/27 19:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\vlc
[2010/09/27 19:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/09/27 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Foxit Software
[2010/09/27 18:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Foxit
[2010/09/27 18:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/09/27 18:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\PrintKey 2000 Fr
[2010/09/27 18:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2010/09/27 18:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Mes documents\Téléchargements
[2010/09/27 18:25:46 | 000,512,096 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010/09/27 18:25:46 | 000,298,104 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010/09/27 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/27 18:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Mozilla
[2010/09/27 18:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla
[2010/09/27 18:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/27 18:18:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ADMIN\PrivacIE
[2010/09/27 18:17:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ADMIN\IETldCache
[2010/09/27 18:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/27 18:14:13 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/09/27 18:12:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/27 17:27:25 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/09/27 17:27:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/09/27 17:27:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/09/27 17:27:11 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/09/27 17:27:07 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/09/27 17:27:02 | 002,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/09/27 17:27:02 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/09/27 17:27:02 | 002,068,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/09/27 17:27:02 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/09/27 17:26:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/09/27 17:25:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/09/27 17:24:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/09/27 17:23:49 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/09/27 17:23:48 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010/09/27 17:23:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/09/27 17:23:15 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/09/27 17:18:33 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/04 14:07:49 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\scan.zip
[2010/10/04 14:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Bureau\OTL.exe
[2010/10/04 12:42:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 12:42:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/04 12:37:41 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\ADMIN\ntuser.dat
[2010/10/04 12:37:41 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2010/10/04 12:33:21 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/10/04 12:33:21 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/10/04 12:30:45 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/04 12:30:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/10/04 12:07:05 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/04 12:07:05 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/10/04 11:50:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/04 11:35:10 | 006,941,088 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\IconCache.db
[2010/10/02 05:04:28 | 000,016,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/29 04:28:17 | 001,121,724 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/29 04:28:17 | 000,510,742 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/09/29 04:28:17 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/29 04:28:17 | 000,084,766 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/09/29 04:28:17 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/29 04:08:37 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/27 21:07:48 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\CCleaner.lnk
[2010/09/27 20:19:29 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Installation MSN.lnk
[2010/09/27 19:48:46 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\AD-R.lnk
[2010/09/27 19:31:22 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 19:03:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/09/27 18:46:31 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Foxit Reader.lnk
[2010/09/27 18:35:40 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk
[2010/09/27 18:33:08 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MozBackup.lnk
[2010/09/27 18:24:29 | 000,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010/09/27 18:24:29 | 000,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010/09/27 18:24:28 | 000,015,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010/09/27 18:20:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/09/27 18:17:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2010/09/27 18:17:56 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 14:07:49 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\scan.zip
[2010/10/04 12:30:45 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/01 03:01:39 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\ADMIN\ntuser.dat
[2010/09/27 21:07:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\CCleaner.lnk
[2010/09/27 20:19:29 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Installation MSN.lnk
[2010/09/27 19:48:46 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\AD-R.lnk
[2010/09/27 19:40:11 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/09/27 19:40:11 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/09/27 19:31:22 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 19:18:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/27 19:03:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/09/27 18:46:31 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Foxit Reader.lnk
[2010/09/27 18:35:40 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk
[2010/09/27 18:33:08 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MozBackup.lnk
[2010/09/27 18:25:46 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010/09/27 18:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/27 18:20:25 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/27 18:20:25 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/09/27 18:17:56 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
[2007/08/02 09:43:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\fusioncache.dat
[2007/06/29 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/09/27 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Foxit
[2010/09/27 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Foxit Software
[2010/09/27 19:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

<MD5>
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2006/03/02 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>
<End>
Last edited by polo on 04 10 2010, edited 1 time.

Post by polo » 04 10 2010

OTL Extras logfile created on: 04/10/2010 14:16:26 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\ADMIN\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 139,93 Gb Free Space | 93,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: P####
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-790525478-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.2.9
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"CCleaner" = CCleaner
"Foxit Reader" = Foxit Reader
"HECI" = Intel(R) Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 Antivirus System
"NVIDIA Drivers" = NVIDIA Drivers
"PrintKey 2000 Fr" = PrintKey 2000 Fr
"VLC media player" = VLC media player 1.1.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/11/2007 05:16:28 | Computer Name = WINDOWS-56AFE87 | Source = Windows Product Activation | ID = 1012
Description = Vous aurez besoin de réactiver votre produit Windows en raison des
modifications matérielles effectuées sur cet ordinateur.

Error - 10/05/2008 05:00:05 | Computer Name = WINDOWS-56AFE87 | Source = Windows Product Activation | ID = 1012
Description = Vous aurez besoin de réactiver votre produit Windows en raison des
modifications matérielles effectuées sur cet ordinateur.

Error - 21/06/2008 03:41:54 | Computer Name = WINDOWS-56AFE87 | Source = Windows Product Activation | ID = 1012
Description = Vous aurez besoin de réactiver votre produit Windows en raison des
modifications matérielles effectuées sur cet ordinateur.

Error - 02/10/2010 13:40:39 | Computer Name = P-## | Source = Application Error | ID = 1000
Description = Application défaillante lkappsvcheck.exe, version 1.3.0.148, module
défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

[ System Events ]
Error - 27/09/2010 13:24:57 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:57 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 27/09/2010 13:24:58 | Computer Name = P-## | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126


<End>

Thanks in advance.

Post by nickW » 05 10 2010

Good evening,

I no longer see anything infectious in these scan reports.

However, one item remains that could become dangerous: the "Autorun" (automatic execution) function has been left enabled on removable devices.

To fix it, see this topic by Gof:
Guide to securing Windows against USB infection threats
http://assiste.forum.free.fr/viewtopic.php?t=25228

Note: in the guide, paragraph 3.a.2 should interest you :wink:
The disabling file can be downloaded from this link:
http://pagesperso-orange.fr/-Gof/DL/autorun_off.reg

Cheers,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator
 
Posts: 20538
Joined: 20 05 2004
Location: Île de France/Dordogne
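
The setting nickW points to can be inspected and changed directly with reg.exe. The batch script below is an added example written for this page; it is not Gof's autorun_off.reg and does not reproduce that file. It relies on the NoDriveTypeAutoRun policy value documented by Microsoft (0xFF disables Autorun for every drive type) and, on Windows XP, assumes update KB967715 is installed so that the HonorAutorunSetting value makes the policy apply to all drive types.

```batch
@echo off
setlocal
rem Added example for this thread (not Gof's autorun_off.reg): show the current
rem Autorun policy, then, on request, disable Autorun for every drive type,
rem removable media included. Run from an administrator command prompt.

set "POLICY_HKLM=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "POLICY_HKCU=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

echo === Current NoDriveTypeAutoRun (machine-wide) ===
rem Each bit of this DWORD disables Autorun for one drive type; 0xFF (255) disables it
rem everywhere. If the value is absent, the Windows default applies and Autorun stays on
rem for removable drives, which is the state nickW describes above.
reg query "%POLICY_HKLM%" /v NoDriveTypeAutoRun 2>nul || echo (not set - Windows default: Autorun enabled)

echo === Current NoDriveTypeAutoRun (current user) ===
reg query "%POLICY_HKCU%" /v NoDriveTypeAutoRun 2>nul || echo (not set - Windows default: Autorun enabled)

if /i not "%~1"=="/apply" (
    echo.
    echo Nothing was changed. Re-run with /apply to disable Autorun on all drive types.
    goto :eof
)

rem Disable Autorun for all drive types, for the machine and for the current user profile.
reg add "%POLICY_HKLM%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
reg add "%POLICY_HKCU%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

rem Windows XP only honours NoDriveTypeAutoRun for every drive type once update KB967715
rem is installed and HonorAutorunSetting is set (assumption: the update is present).
reg add "%POLICY_HKLM%" /v HonorAutorunSetting /t REG_DWORD /d 1 /f

echo.
echo Autorun disabled for all drive types. Log off or reboot to apply the change.
endlocal
```

Run it once without arguments to see the current values (nothing is written), then with `/apply` to set them. The first, read-only run is the check a helper would ask for when verifying whether Autorun is still enabled on a machine like the one in this thread.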

Post by polo » 05 10 2010

Hello,

thanks for the good news and your valuable advice. I obviously won't forget to thank Gof for his very well-made and apparently complete tutorial.

