Here are the reports; I made two because I thought the first one had not worked.
otl txt
OTL logfile created on: 15/03/2010 17:27:10 - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\fabien\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
511,00 Mb Total Physical Memory | 101,00 Mb Available Physical Memory | 20,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 28,42 Gb Free Space | 72,77% Space Free | Partition Type: NTFS
Drive D: | 75,42 Gb Total Space | 73,39 Gb Free Space | 97,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOUBERT
Current User Name: fabien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\fabien\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Pack Securite\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe ()
PRC - C:\Program Files\HP Wireless Adapter\HPWLan.exe (3G Corp.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\fabien\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Pack Securite\Spam Control\fsscoepl.dll (F-Secure Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (FSORSPClient) -- C:\Program Files\Pack Securite\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files\Pack Securite\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (zypnbwiw) -- C:\WINDOWS\system32\jyhaxzm.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (F-Secure Gatekeeper) -- C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files\Pack Securite\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\Pack Securite\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\Pack Securite\Anti-Virus\win2k\fsrec.sys ()
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (hpnuhst) -- C:\WINDOWS\system32\drivers\hpnuhst.sys (Hewlett-Packard Development Company)
DRV - (HPNUCMP) -- C:\WINDOWS\system32\drivers\hpnucmp.sys (Hewlett-Packard Development Company)
DRV - (HPNUHUB) -- C:\WINDOWS\system32\drivers\hpnuhub.sys (Hewlett-Packard Development Company)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\HPL8187.SYS (Realtek Semiconductor Corporation )
DRV - (HPEAPPkt) Realtek EAPPkt Protocol(HP) -- C:\WINDOWS\system32\drivers\HPEAPPkt.sys (Windows (R) 2000 DDK provider)
DRV - (bxvyxtfv) -- C:\WINDOWS\system32\drivers\bxvyxtfv.sys (MCCI Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SG760_XP) -- C:\WINDOWS\system32\drivers\WlanUZXP.sys (ZyDAS Technology Corporation)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (V0010bVd) -- C:\WINDOWS\system32\drivers\V0010bVd.sys (Creative Technology Ltd.)
DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider)
DRV - (STAC97NH) -- C:\WINDOWS\system32\drivers\stac97nh.sys (SigmaTel Inc.)
DRV - (STAC97NA) -- C:\WINDOWS\system32\drivers\stac97na.sys (SigmaTel Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 71 96 09 14 08 26 CD 4D B1 EB FF 12 64 47 00 F1 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.neufportail.fr/"
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Pack Securite\NRS\litmus-ff@f-secure.com [2010/02/01 11:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/14 19:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/15 11:22:07 | 000,000,000 | ---D | M]
[2010/03/13 14:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fabien\Application Data\Mozilla\Extensions
[2010/03/15 11:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions
[2010/03/14 21:27:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions\{6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}
[2010/03/15 11:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 19:43:25 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/14 19:43:25 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/14 19:43:25 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/14 19:43:26 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/14 19:43:26 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2006/03/02 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {2CE7E8CF-3385-4FE9-8721-C04D57D02023} - C:\WINDOWS\system32\jyhaxzm.dll (Microsoft Corporation)
O2 - BHO: (iFinger plugin / Browser helper object) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Program Files\iFinger\plugins\IE.ifp (iFinger Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Pack Securite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Pack Securite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Pack Securite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe (3G Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Redémarrer le gestionnaire de connexion.lnk = C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 16:54:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/26 16:53:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: zypnbwiw - C:\WINDOWS\system32\jyhaxzm.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/03/15 16:42:29 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fabien\Bureau\OTL.exe
[2010/03/15 11:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/15 11:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/03/15 11:22:07 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/15 11:22:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/15 11:22:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/15 11:22:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/15 11:22:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/15 11:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/15 11:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Application Data\Sun
[2010/03/15 07:54:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/15 07:54:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/15 07:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 23:13:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\fabien\Bureau\BAT.exe.exe
[2010/03/14 22:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\PersonSecurity
[2010/03/14 21:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2010/03/14 21:10:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/14 21:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/03/14 21:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Recent
[2010/03/14 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2010/03/14 20:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/14 20:34:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/14 15:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Bureau\backups
[2010/03/13 20:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/13 17:11:51 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
[2010/03/13 17:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/03/13 17:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Application Data\AVS4YOU
[2010/03/13 17:05:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/03/13 17:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010/03/13 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/03/13 14:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Application Data\Malwarebytes
[2010/03/13 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/13 14:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Local Settings\Application Data\Mozilla
[2010/03/13 14:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Application Data\Mozilla
[2010/03/13 14:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/12 09:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/12 09:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/12 09:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/11 08:51:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 20:21:27 | 000,086,016 | RHS- | C] (Qo) -- C:\WINDOWS\msnmgr.exe
[2010/02/25 21:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\VirginMega
[2010/02/13 21:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Application Data\skypePM
[2010/02/13 21:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabien\Application Data\Skype
[2010/02/13 21:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2010/02/13 21:36:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/02/13 21:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/12 10:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/11 13:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/24 14:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2008/11/27 09:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/26 16:54:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/26 16:54:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 D:\Mes documents\*.tmp files -> D:\Mes documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/15 17:18:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/15 17:18:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/15 17:17:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 17:17:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 17:17:44 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 17:16:31 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\fabien\NTUSER.DAT
[2010/03/15 17:16:19 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\fabien\ntuser.ini
[2010/03/15 16:41:32 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabien\Bureau\OTL.exe
[2010/03/15 14:05:31 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5AF6D8A3-9F68-41B6-BB48-5E84CF2969FB}.job
[2010/03/15 11:21:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/15 11:21:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/15 11:21:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/15 11:21:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/15 11:21:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/15 11:10:18 | 000,977,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 11:10:18 | 000,454,462 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/15 11:10:18 | 000,389,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 11:10:18 | 000,067,476 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/15 11:10:18 | 000,056,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 07:54:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/14 21:51:04 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 21:27:07 | 000,000,841 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 21:27:07 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/14 21:27:07 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010/03/14 21:14:02 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\fabien\Bureau\RegCleaner.lnk
[2010/03/14 18:54:05 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\fabien\intlname.ols
[2010/03/14 15:32:58 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/14 15:21:29 | 000,000,164 | ---- | M] () -- D:\Mes documents\cc_20100314_152127.reg
[2010/03/14 15:20:49 | 000,000,850 | ---- | M] () -- D:\Mes documents\cc_20100314_152017.reg
[2010/03/14 15:19:35 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/14 15:19:35 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/03/14 15:19:33 | 000,075,194 | ---- | M] () -- D:\Mes documents\cc_20100314_151910.reg
[2010/03/13 14:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/03/13 14:53:27 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/03/13 14:31:10 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\fabien\Bureau\BAT.exe.exe
[2010/03/11 19:40:09 | 000,024,064 | ---- | M] () -- D:\Mes documents\LE Giradile.doc
[2010/03/11 19:37:30 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/03/10 21:29:23 | 000,070,457 | ---- | M] () -- C:\Documents and Settings\fabien\Bureau\LettreTypeAssuranceEmprunteurImmo.rtf
[2010/03/10 20:21:11 | 000,086,016 | RHS- | M] (Qo) -- C:\WINDOWS\msnmgr.exe
[2010/03/04 18:41:25 | 000,016,384 | ---- | M] () -- D:\Mes documents\le serpenthére.wps
[2010/03/02 08:32:47 | 001,459,248 | ---- | M] () -- D:\Mes documents\vente vêtements 002.jpg
[2010/03/01 17:39:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\fabien\Bureau\~$IL zacharion2009[1].doc
[2010/02/28 22:23:20 | 008,236,064 | ---- | M] () -- C:\Documents and Settings\fabien\Bureau\p.jpg
[2010/02/28 21:55:58 | 000,000,162 | -H-- | M] () -- D:\Mes documents\~$1.doc
[2010/02/28 21:52:51 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\fabien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 13:58:13 | 000,065,024 | ---- | M] () -- D:\Mes documents\Camille Joubert.doc
[2010/02/25 21:17:15 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VirginMega Premium.lnk
[2010/02/13 21:41:12 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[1 D:\Mes documents\*.tmp files -> D:\Mes documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/15 07:54:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/14 21:42:54 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 21:14:02 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\fabien\Bureau\RegCleaner.lnk
[2010/03/14 15:21:28 | 000,000,164 | ---- | C] () -- D:\Mes documents\cc_20100314_152127.reg
[2010/03/14 15:20:20 | 000,000,850 | ---- | C] () -- D:\Mes documents\cc_20100314_152017.reg
[2010/03/14 15:19:14 | 000,075,194 | ---- | C] () -- D:\Mes documents\cc_20100314_151910.reg
[2010/03/13 14:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/13 14:53:27 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/03/12 17:29:47 | 000,004,174 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\2CE7E8CF-3385-4FE9-8721-C04D57D02023.txt
[2010/03/12 16:10:54 | 000,005,846 | ---- | C] () -- C:\Documents and Settings\fabien\Local Settings\Application Data\2CE7E8CF-3385-4FE9-8721-C04D57D02023.txt
[2010/03/10 20:31:25 | 000,070,457 | ---- | C] () -- C:\Documents and Settings\fabien\Bureau\LettreTypeAssuranceEmprunteurImmo.rtf
[2010/03/09 17:46:22 | 000,024,064 | ---- | C] () -- D:\Mes documents\LE Giradile.doc
[2010/03/04 18:30:40 | 000,016,384 | ---- | C] () -- D:\Mes documents\le serpenthére.wps
[2010/03/02 08:56:33 | 001,459,248 | ---- | C] () -- D:\Mes documents\vente vêtements 002.jpg
[2010/03/01 17:39:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\fabien\Bureau\~$IL zacharion2009[1].doc
[2010/02/28 22:17:33 | 008,236,064 | ---- | C] () -- C:\Documents and Settings\fabien\Bureau\p.jpg
[2010/02/28 21:55:58 | 000,000,162 | -H-- | C] () -- D:\Mes documents\~$1.doc
[2010/02/28 21:51:33 | 000,018,432 | ---- | C] () -- D:\Mes documents\BAIL zacharion2009[1].doc
[2010/02/28 21:51:26 | 001,692,766 | ---- | C] () -- D:\Mes documents\Guide_de_Voyage_SFR.pdf
[2010/02/25 21:17:15 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VirginMega Premium.lnk
[2010/02/13 21:41:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/13 21:36:41 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2009/05/07 18:29:30 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\fabien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/25 17:09:52 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/12/08 20:32:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/08 20:29:07 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/11/27 20:23:37 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\fabien\Local Settings\Application Data\fusioncache.dat
[2008/11/27 16:06:30 | 000,000,313 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/11/27 09:42:30 | 000,003,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/27 09:41:32 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/26 21:43:49 | 000,022,229 | ---- | C] () -- C:\Documents and Settings\fabien\Application Data\Valeurs séparées par des virgules (Windows).ADR
[2008/11/26 21:36:21 | 000,038,399 | ---- | C] () -- C:\Documents and Settings\fabien\Application Data\Microsoft Excel.ADR
[2008/11/26 20:19:13 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 13:00:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\jxtbmcno.dll
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/27 09:00:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/27 09:00:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/27 09:00:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/27 09:00:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/15 17:16:26 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2006/03/02 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2006/03/02 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2006/03/02 13:00:00 | 000,136,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\jxtbmcno.dll
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 37 bytes -> C:\Documents and Settings\fabien\Bureau\OTL.exe:FS_dl_url
< End of report >
extras txt
OTL Extras logfile created on: 15/03/2010 16:43:40 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\fabien\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
511,00 Mb Total Physical Memory | 99,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 28,42 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 75,42 Gb Total Space | 73,39 Gb Free Space | 97,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOUBERT
Current User Name: fabien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\setup\HPZnet01.exe" = F:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"F:\setup\HPONICIFS01.EXE" = F:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"D:\Mes documents\Downloads\PICT10038010.JPG-www-facebook-com.scr" = D:\Mes documents\Downloads\PICT10038010.JPG-www-facebook-com.scr:*:Enabled:Userinit -- File not found
"C:\DOCUME~1\fabien\LOCALS~1\Temp\65.jpg" = NVIDIA Monitoring:*:Enabled:(null)
"C:\Program Files\SFR\Media Center\httpd\httpd.exe" = C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR) -- (Apache Software Foundation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Coeur"_is1" = Coeur
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{382C8FD4-3BB0-41C9-89C2-54172F31F01B}" = VirginMega.Fr Premium
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Creative VF0010b" = Creative WebCam Vista Driver (1.04.05.0421)
"Creative WebCam Control" = Creative WebCam Control
"Creative WebCam Monitor" = Creative WebCam Monitor
"Encyclopédie Hachette Multimédia" = Encyclopédie Hachette Multimédia
"F-Secure Product 444" = Pack Sécurité SFR
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iFinger 2.0" = iFinger 2.0
"JRE 1.1" = Java Runtime Environment 1.1
"La respiration_is1" = "La respiration" version 1.2a
"L'oeil et la vision_is1" = L'oeil et la vision version 1.06a.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manuel d'utilisation de Creative WebCam Vista French" = Manuel d'utilisation de Creative WebCam Vista (Français)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SFR_Media Center" = SFR - Media Center
"SigmaTel C-Major" = SigmaTel C-Major Audio
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Widget SFR" = Widget SFR 2.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15/03/2010 02:29:42 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 650 2010-03-15 07:29:42+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:29:49 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 651 2010-03-15 07:29:49+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:29:55 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 652 2010-03-15 07:29:55+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:29:58 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 653 2010-03-15 07:29:58+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:30:04 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 654 2010-03-15 07:30:04+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:30:10 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 655 2010-03-15 07:30:10+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:30:16 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 656 2010-03-15 07:30:16+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:30:23 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 657 2010-03-15 07:30:23+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:30:29 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 658 2010-03-15 07:30:29+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
Error - 15/03/2010 02:30:35 | Computer Name = JOUBERT | Source = F-Secure Anti-Virus | ID = 103
Description = 659 2010-03-15 07:30:35+02:00 joubert JOUBERT\fabien F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\system32\drivers\atapi.sys.
Infection: Rootkit.Patched.TDSS.Gen
[ System Events ]
Error - 14/03/2010 07:43:20 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'Périphérique de stockage de masse USB' (USB\Vid_03f0&Pid_5811&MI_03\3&7d3ca4f&2&0003)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 07:43:20 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'HP Photosmart C5180 USB Device' (USBSTOR\Disk&Ven_HP&Prod_Photosmart_C5180&Rev_1.00\4&2c02d9ee&0&MY79IQ634204MK&0)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 07:43:20 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'Volume générique' (STORAGE\RemovableMedia\5&31531914&0&RM)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 08:02:24 | Computer Name = JOUBERT | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)
Error - 14/03/2010 08:02:24 | Computer Name = JOUBERT | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes.
NtpClient
n'a pas de source de temps précis.
Error - 14/03/2010 15:19:10 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'Wireless_Print_Server' (USB\Vid_03f0&Pid_5811\MY79IQ634204MK_HPNU)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 15:19:10 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'HP Photosmart C5100 series (DOT4USB)' (USB\Vid_03f0&Pid_5811&MI_02\3&7d3ca4f&2&0002)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 15:19:10 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'Périphérique de stockage de masse USB' (USB\Vid_03f0&Pid_5811&MI_03\3&7d3ca4f&2&0003)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 15:19:10 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'HP Photosmart C5180 USB Device' (USBSTOR\Disk&Ven_HP&Prod_Photosmart_C5180&Rev_1.00\4&2c02d9ee&0&MY79IQ634204MK&0)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
Error - 14/03/2010 15:19:10 | Computer Name = JOUBERT | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'Volume générique' (STORAGE\RemovableMedia\5&31531914&0&RM)
a disparu du système sans que sa suppression ait tout d'abord été préparée.
< End of report >