alors j'ai 2 soucis :
1er : lorsque je fais f8 démarrage sans échec j'ai un superbe écran bleu alors qu'en démarrage normal aucun souci !!
2ème : j'ai quand même dézipper sdfix, et j'ai lancé en mode normal mais je n'ai pas de y à saisir des chiffres et de 1 à 4 puis des lettres de a, b, c , d , h, r, u .. mais pas de y ...
donc je ne sais que faire ...
Il y a actuellement 509 visiteurs
Lundi 25 Novembre 2024
       |
[Réglé]Un problème avec Security tools.. • page 2
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...), veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...), veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel
Re: Un problème avec Security tools..
le 23 Nov 2009 09:15
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Re: Un problème avec Security tools..
le 23 Nov 2009 09:46
Bonjour,comment tu n'as pas de touche Y sur ton clavier??regarde en image
http://www.site-naheulbeuk.com/sdfix.php
A+
http://www.site-naheulbeuk.com/sdfix.php
A+
-
Jypalou - Expert(e)
- Messages: 1583
- Inscription: 06 Oct 2009 20:56
- Localisation: Narbonne
Re: Un problème avec Security tools..
le 23 Nov 2009 12:09
j'ai bien sur un Y sur mon clavier LOL !!
mais comme je te le disais je n'arrive pas à démarrer en mode f8 car pantage avec bel écran bleu et lorsque je lance sdfix sans le F8 il ne demande pas la même chose
donc je ne sais pas comment faire
mais comme je te le disais je n'arrive pas à démarrer en mode f8 car pantage avec bel écran bleu et lorsque je lance sdfix sans le F8 il ne demande pas la même chose
donc je ne sais pas comment faire
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Re: Un problème avec Security tools..
le 23 Nov 2009 14:50
Bon fait ceci:
Ferme toutes les applications actives et relance HijackThis 
Clique sur 
Coche 
les lignes suivantes :
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: mgjwin32.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Clique sur 
Valide par oui (Yes) au message qui va s'afficher.
Puis fait un scan avec Malwarebytes
A+
Ferme toutes les applications actives et relance HijackThis Clique sur Coche les lignes suivantes : O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: mgjwin32.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Clique sur Valide par oui (Yes) au message qui va s'afficher.Puis fait un scan avec Malwarebytes
A+
-
Jypalou - Expert(e)
- Messages: 1583
- Inscription: 06 Oct 2009 20:56
- Localisation: Narbonne
Re: Un problème avec Security tools..
le 23 Nov 2009 18:00
Fait ceci
> crée un nouveau document texte sur ton bureau
> pour cela clic droit sur le bureau > Nouveau > document texte > copie et colle le contenu de la citation ci-dessous à l'intérieur
Respecte à la lettre la procédure d'enregistrement suivante,c'est très important
> ensuite clic sur fichier > enregistrer sous...
> dans la fenêtre d'enregistrement choisie le [g]bureau[/g] comme destination > dans type choisie tous les fichiers > et dans nom du fichier tape CFScript.txt >> ensuite clic sur enregistrer et ferme le document texte.
> fait un glisser/déposer(clic-gauche enfoncer sur CFScrit.txt et tu fait glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur cette capture.
> une fenêtre bleue va apparaître >> suis les instructions indiquées
patiente le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> Ne touche à rien tant que le scan n'est pas terminé
> Vers la fin du scan, cette fenêtre va apparaître, cliques sur "ok" et patiente jusqu'à la fin du scan
> Une fois le scan achevé, un rapport va s'afficher, ferme le...
Ensuite très important...
Redémarre ton pc une nouvelle fois... et postes le rapport qui se trouve à cet emplacement C:\ComboFix.txt
A+
> crée un nouveau document texte sur ton bureau
> pour cela clic droit sur le bureau > Nouveau > document texte > copie et colle le contenu de la citation ci-dessous à l'intérieur
KillAll::
Collect::
c:\windows\system32\339929948.dat
c:\windows\system32\339929948eg.exe
c:\windows\system32\339929948ex.exe
c:\windows\system32\activedsp.exe
c:\windows\system32\AF201datc.exe
c:\documents and settings\isabelle\Menu Démarrer\Programmes\Démarrage\mgjwin32.exe
Fcopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\$NtServicePackUninstall$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\ServicePackFiles\i386\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\$NtUninstallKB951748_0$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\$NtUninstallKB941644$\tcpip.sys
Respecte à la lettre la procédure d'enregistrement suivante,c'est très important
> ensuite clic sur fichier > enregistrer sous...
> dans la fenêtre d'enregistrement choisie le [g]bureau[/g] comme destination > dans type choisie tous les fichiers > et dans nom du fichier tape CFScript.txt >> ensuite clic sur enregistrer et ferme le document texte.
> fait un glisser/déposer(clic-gauche enfoncer sur CFScrit.txt et tu fait glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur cette capture.
> une fenêtre bleue va apparaître >> suis les instructions indiquées
patiente le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> Ne touche à rien tant que le scan n'est pas terminé
> Vers la fin du scan, cette fenêtre va apparaître, cliques sur "ok" et patiente jusqu'à la fin du scan
> Une fois le scan achevé, un rapport va s'afficher, ferme le...
Ensuite très important...
Redémarre ton pc une nouvelle fois... et postes le rapport qui se trouve à cet emplacement C:\ComboFix.txt
A+
-
Jypalou - Expert(e)
- Messages: 1583
- Inscription: 06 Oct 2009 20:56
- Localisation: Narbonne
Re: Un problème avec Security tools..
le 24 Nov 2009 12:28
alors dans l'ordre :
le message d'erreur en démarrage mode sans échec est le blabla habituel plus le code
STOP: 0x0000007E (0xC0000005, 0x80537009, 0xF789E2BC, 0F769DFB8)..
J'ai fais hijack et j'ai tout "fixed" sauf la ligne
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
qui n'apparaissait pas
je m'en vais maintenant faire la manip sur combo et ensuite je reviens..
merci encore...
le message d'erreur en démarrage mode sans échec est le blabla habituel plus le code
STOP: 0x0000007E (0xC0000005, 0x80537009, 0xF789E2BC, 0F769DFB8)..
J'ai fais hijack et j'ai tout "fixed" sauf la ligne
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
qui n'apparaissait pas
je m'en vais maintenant faire la manip sur combo et ensuite je reviens..
merci encore...
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Re: Un problème avec Security tools..
le 24 Nov 2009 13:21
voici le rapport combo
ComboFix 09-11-23.04 - isabelle 24/11/2009 12:39.6.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1642 [GMT 1:00]
Lancé depuis: c:\documents and settings\isabelle\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\isabelle\Bureau\CFScript.txt.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
file zipped: c:\windows\system32\339929948.dat
file zipped: c:\windows\system32\339929948eg.exe
file zipped: c:\windows\system32\339929948ex.exe
file zipped: c:\windows\system32\activedsp.exe
file zipped: c:\windows\system32\AF201datc.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\339929948.dat
c:\windows\system32\339929948eg.exe
c:\windows\system32\339929948ex.exe
c:\windows\system32\activedsp.exe
c:\windows\system32\AF201datc.exe
.
--------------- FCopy ---------------
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$NtServicePackUninstall$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\ServicePackFiles\i386\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$NtUninstallKB951748_0$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SHELLHWDETECTIONSSDPSRV
-------\Service_ShellHWDetectionSSDPSRV
-------\Legacy_HTTPFilterPlugPlay
-------\Legacy_srserviceRpcLocator
-------\Service_HTTPFilterPlugPlay
-------\Service_srserviceRpcLocator
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-24 au 2009-11-24 ))))))))))))))))))))))))))))))))))))
.
2009-11-23 08:09 . 2009-11-23 11:04 -------- d-----w- C:\SDFix
2009-11-19 15:14 . 2009-11-19 15:14 -------- d-----w- C:\_OTM
2009-11-18 20:48 . 2009-11-18 20:48 -------- d-----w- c:\program files\CCleaner
2009-11-18 12:56 . 2009-11-18 12:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 11:49 . 2007-06-18 07:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-22 10:44 . 2007-04-21 11:11 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-04 08:51 . 2007-04-26 11:00 -------- d-----w- c:\program files\PowerArchiver
2009-10-25 14:55 . 2004-08-19 12:03 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 14:55 . 2004-08-19 12:03 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-23 15:46 . 2009-07-09 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 14:42 . 2009-10-23 14:42 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2009-02-27 15:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-07-09 07:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-07-09 07:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2004-08-19 12:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-19 12:03 916480 ------w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-23_16.11.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-24 11:50 . 2009-11-24 11:50 16384 c:\windows\Temp\Perflib_Perfdata_140.dat
- 2004-08-19 12:03 . 2009-10-14 06:51 71732 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 71732 c:\windows\system32\perfc009.dat
+ 2009-11-19 16:18 . 2009-11-24 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-04-26 07:51 . 2009-11-24 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-18 18:51 . 2009-11-24 11:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-19 12:03 . 2009-10-14 06:51 442466 c:\windows\system32\perfh009.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 442466 c:\windows\system32\perfh009.dat
- 2004-08-19 12:09 . 2009-08-16 15:09 119744 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-19 12:09 . 2009-11-12 16:13 119744 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-19 12:03 . 2008-04-14 02:33 701440 c:\windows\system32\dllcache\msxml2.dll
+ 2009-10-23 12:38 . 2009-11-24 11:50 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-23 12:38 . 2009-10-23 14:33 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-04 16:00 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 16:00 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2008-07-09 15:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
+ 2008-01-09 16:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB941644$\tcpip.sys
+ 2009-03-02 07:50 . 2008-06-20 11:59 361600 c:\windows\$NtServicePackUninstall$\tcpip.sys
+ 2007-10-30 16:53 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2006-04-20 12:18 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
+ 2009-02-27 15:32 . 2009-08-14 15:13 1850752 c:\windows\system32\win32k.sys
+ 2004-08-19 12:03 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll
+ 2008-10-15 07:29 . 2009-08-14 15:13 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2006-07-28 03:28 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-04 16:00 . 2009-08-29 07:56 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2007-04-26 09:50 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2008-11-30 148800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2006-04-26 143360]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-05-26 1078272]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-28 111376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 15:52 104456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{C921B3AE-39A4-4E2E-ACF9-A0E581D2557A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: {E396DADF-478E-43B8-94F6-5228AE293B91} = 80.10.246.2,80.10.246.129
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 12:52
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DA02F6]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9f10852
\Driver\iaStor -> iaStor.sys @ 0xb9e5bf80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d4fbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d5ca21
SendHandler -> NDIS.sys @ 0xb9d3a87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-24 13:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-24 12:00
ComboFix2.txt 2009-11-23 07:34
ComboFix3.txt 2009-11-18 19:21
ComboFix4.txt 2009-10-23 16:14
Avant-CF: 63 880 400 896 octets libres
Après-CF: 63 847 038 976 octets libres
- - End Of File - - 2FE13EC02EE2683CB15D6EB71E9D7E2E
ComboFix 09-11-23.04 - isabelle 24/11/2009 12:39.6.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1642 [GMT 1:00]
Lancé depuis: c:\documents and settings\isabelle\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\isabelle\Bureau\CFScript.txt.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
file zipped: c:\windows\system32\339929948.dat
file zipped: c:\windows\system32\339929948eg.exe
file zipped: c:\windows\system32\339929948ex.exe
file zipped: c:\windows\system32\activedsp.exe
file zipped: c:\windows\system32\AF201datc.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\339929948.dat
c:\windows\system32\339929948eg.exe
c:\windows\system32\339929948ex.exe
c:\windows\system32\activedsp.exe
c:\windows\system32\AF201datc.exe
.
--------------- FCopy ---------------
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$NtServicePackUninstall$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\ServicePackFiles\i386\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$NtUninstallKB951748_0$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SHELLHWDETECTIONSSDPSRV
-------\Service_ShellHWDetectionSSDPSRV
-------\Legacy_HTTPFilterPlugPlay
-------\Legacy_srserviceRpcLocator
-------\Service_HTTPFilterPlugPlay
-------\Service_srserviceRpcLocator
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-24 au 2009-11-24 ))))))))))))))))))))))))))))))))))))
.
2009-11-23 08:09 . 2009-11-23 11:04 -------- d-----w- C:\SDFix
2009-11-19 15:14 . 2009-11-19 15:14 -------- d-----w- C:\_OTM
2009-11-18 20:48 . 2009-11-18 20:48 -------- d-----w- c:\program files\CCleaner
2009-11-18 12:56 . 2009-11-18 12:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 11:49 . 2007-06-18 07:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-22 10:44 . 2007-04-21 11:11 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-04 08:51 . 2007-04-26 11:00 -------- d-----w- c:\program files\PowerArchiver
2009-10-25 14:55 . 2004-08-19 12:03 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 14:55 . 2004-08-19 12:03 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-23 15:46 . 2009-07-09 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 14:42 . 2009-10-23 14:42 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2009-02-27 15:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-07-09 07:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-07-09 07:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2004-08-19 12:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-19 12:03 916480 ------w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-23_16.11.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-24 11:50 . 2009-11-24 11:50 16384 c:\windows\Temp\Perflib_Perfdata_140.dat
- 2004-08-19 12:03 . 2009-10-14 06:51 71732 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 71732 c:\windows\system32\perfc009.dat
+ 2009-11-19 16:18 . 2009-11-24 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-04-26 07:51 . 2009-11-24 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-18 18:51 . 2009-11-24 11:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-19 12:03 . 2009-10-14 06:51 442466 c:\windows\system32\perfh009.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 442466 c:\windows\system32\perfh009.dat
- 2004-08-19 12:09 . 2009-08-16 15:09 119744 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-19 12:09 . 2009-11-12 16:13 119744 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-19 12:03 . 2008-04-14 02:33 701440 c:\windows\system32\dllcache\msxml2.dll
+ 2009-10-23 12:38 . 2009-11-24 11:50 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-23 12:38 . 2009-10-23 14:33 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-04 16:00 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 16:00 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2008-07-09 15:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
+ 2008-01-09 16:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB941644$\tcpip.sys
+ 2009-03-02 07:50 . 2008-06-20 11:59 361600 c:\windows\$NtServicePackUninstall$\tcpip.sys
+ 2007-10-30 16:53 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2006-04-20 12:18 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
+ 2009-02-27 15:32 . 2009-08-14 15:13 1850752 c:\windows\system32\win32k.sys
+ 2004-08-19 12:03 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll
+ 2008-10-15 07:29 . 2009-08-14 15:13 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2006-07-28 03:28 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-04 16:00 . 2009-08-29 07:56 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2007-04-26 09:50 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2008-11-30 148800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2006-04-26 143360]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-05-26 1078272]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-28 111376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 15:52 104456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{C921B3AE-39A4-4E2E-ACF9-A0E581D2557A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: {E396DADF-478E-43B8-94F6-5228AE293B91} = 80.10.246.2,80.10.246.129
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 12:52
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DA02F6]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9f10852
\Driver\iaStor -> iaStor.sys @ 0xb9e5bf80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d4fbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d5ca21
SendHandler -> NDIS.sys @ 0xb9d3a87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-24 13:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-24 12:00
ComboFix2.txt 2009-11-23 07:34
ComboFix3.txt 2009-11-18 19:21
ComboFix4.txt 2009-10-23 16:14
Avant-CF: 63 880 400 896 octets libres
Après-CF: 63 847 038 976 octets libres
- - End Of File - - 2FE13EC02EE2683CB15D6EB71E9D7E2E
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Re: Un problème avec Security tools..
le 24 Nov 2009 16:33
Bonjour,maintenant fait ceci;
Télécharge >> OTL <<sur ton bureau.
* Fait un double-clic sur l'icône d'OTL pour le lancer
* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.
* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.
* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL Custom scanx/fixes
* Cliques sur l'icône "RunScan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTListIt.Txt" et "Extras.Txt".
* Copie et colle ces deux rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTM
A+
Télécharge >> OTL <<sur ton bureau.
* Fait un double-clic sur l'icône d'OTL pour le lancer
* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.
* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.
* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL Custom scanx/fixes
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
* Cliques sur l'icône "RunScan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTListIt.Txt" et "Extras.Txt".
* Copie et colle ces deux rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTM
A+
-
Jypalou - Expert(e)
- Messages: 1583
- Inscription: 06 Oct 2009 20:56
- Localisation: Narbonne
Re: Un problème avec Security tools..
le 26 Nov 2009 08:55
et voici les 2 rapports
OTL logfile created on: 26/11/2009 08:36:37 - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\isabelle\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,22% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,39 Gb Total Space | 59,41 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SECRETARIAT
Current User Name: isabelle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009/11/26 07:50:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
PRC - [2009/11/16 18:35:43 | 00,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/11/16 18:35:42 | 01,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/10/08 09:30:02 | 00,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/11/30 10:23:00 | 00,148,800 | ---- | M] (ConeXware, Inc.) -- C:\Program Files\PowerArchiver\PASTARTER.EXE
PRC - [2008/05/26 11:19:30 | 01,078,272 | ---- | M] (Goto Software) -- C:\Program Files\Goto Software\Vade Retro\Vaderetro_mgr.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/26 07:39:18 | 00,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/04/26 07:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/21 10:12:52 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/03/17 17:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
========== Modules (SafeList) ==========
MOD - [2009/11/26 07:50:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
MOD - [2008/04/14 03:33:25 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 03:30:54 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/16 18:35:42 | 01,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/08 09:30:02 | 00,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/08/10 13:19:36 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/20 18:16:20 | 00,172,032 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/04/26 07:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel(R)
SRV - [2006/03/21 10:12:52 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/03/17 17:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
========== Driver Services (SafeList) ==========
DRV - [2009/11/22 11:44:39 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/08/25 07:53:40 | 00,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/08/25 07:53:38 | 00,137,224 | ---- | M] (BitDefender LLC) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/04/03 16:49:38 | 00,039,808 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/01/12 11:27:58 | 00,008,832 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2008/10/06 17:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2008/09/02 13:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/05/01 07:09:32 | 00,152,064 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/21 10:12:50 | 03,520,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/20 15:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/05 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/04/24 15:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2001/08/23 17:12:50 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Pilote de carte Intel (R)
DRV - [2001/08/23 17:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell ... bd=1070421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.fr/ig/dell?hl=fr&client=dell ... bd=1070421
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/15 17:26:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:38:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/06/19 11:26:06 | 00,000,000 | ---D | M]
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [VadeRetro Desktop] C:\Program Files\Goto Software\Vade Retro\Vaderetro_mgr.exe (Goto Software)
O4 - HKCU..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE (ConeXware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:18:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 13:05:26 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67839029915156480)
========== Files/Folders - Created Within 30 Days ==========
[2009/11/26 07:50:43 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
[2009/11/24 12:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\isabelle\Bureau\backups
[2009/11/23 09:09:40 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/11/19 17:08:06 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\isabelle\Bureau\HiJackThis.exe
[2009/11/19 16:14:47 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/11/19 15:59:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTM.exe
[2009/11/19 15:56:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/11/18 21:49:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\isabelle\Recent
[2009/11/18 21:48:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/11/26 07:52:51 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C921B3AE-39A4-4E2E-ACF9-A0E581D2557A}.job
[2009/11/26 07:50:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
[2009/11/26 07:48:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/26 07:47:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/11/26 07:47:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/26 07:47:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/26 07:47:32 | 21,450,21952 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/25 19:57:32 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/11/25 19:57:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 19:56:38 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\isabelle\NTUSER.DAT
[2009/11/25 19:56:38 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\isabelle\ntuser.ini
[2009/11/24 19:39:17 | 03,758,662 | -H-- | M] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\IconCache.db
[2009/11/24 12:53:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/24 12:51:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/24 12:33:15 | 03,574,677 | R--- | M] () -- C:\Documents and Settings\isabelle\Bureau\ComboFix.exe
[2009/11/23 08:46:01 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\isabelle\Bureau\SDFix.exe
[2009/11/22 11:44:39 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2009/11/21 11:40:13 | 07,540,736 | ---- | M] () -- C:\Documents and Settings\isabelle\Mes documents\Money.mny
[2009/11/19 17:10:53 | 00,000,992 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/19 17:10:53 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/11/19 17:08:06 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\isabelle\Bureau\HiJackThis.exe
[2009/11/19 15:59:05 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTM.exe
[2009/11/19 09:03:26 | 00,000,398 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/11/18 21:49:37 | 00,035,100 | ---- | M] () -- C:\Documents and Settings\isabelle\Mes documents\cc_20091118_214928.reg
[2009/11/18 21:48:26 | 00,001,587 | ---- | M] () -- C:\Documents and Settings\isabelle\Bureau\CCleaner.lnk
[2009/11/17 21:24:20 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 17:13:48 | 00,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 11:06:49 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\isabelle\Mes documents\NH Isabelle musique.doc
[2009/11/05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/28 16:07:15 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
========== Files Created - No Company Name ==========
[2009/11/25 19:57:19 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 08:45:52 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\isabelle\Bureau\SDFix.exe
[2009/11/23 08:06:56 | 03,574,677 | R--- | C] () -- C:\Documents and Settings\isabelle\Bureau\ComboFix.exe
[2009/11/19 17:01:52 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\isabelle\Application Data\wiaservg.log
[2009/11/18 21:49:32 | 00,035,100 | ---- | C] () -- C:\Documents and Settings\isabelle\Mes documents\cc_20091118_214928.reg
[2009/11/18 21:48:25 | 00,001,587 | ---- | C] () -- C:\Documents and Settings\isabelle\Bureau\CCleaner.lnk
[2009/11/18 19:52:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/06/21 16:30:29 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/10/09 15:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/25 16:01:26 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/29 10:58:26 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/07 08:27:13 | 00,000,448 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/04/26 12:45:58 | 00,038,531 | ---- | C] () -- C:\WINDOWS\RicDB.ini
[2007/04/26 12:05:57 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/04/26 09:55:35 | 00,000,743 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/26 09:55:35 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007/04/26 08:56:40 | 03,758,662 | -H-- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\IconCache.db
[2007/04/26 08:56:40 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/04/26 08:56:40 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\fusioncache.dat
[2007/04/26 08:56:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\isabelle\Application Data\desktop.ini
[2007/04/21 12:31:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/21 12:29:56 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/21 12:11:24 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/04/21 12:09:54 | 00,000,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/10 01:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 13:27:50 | 00,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:18:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/19 13:15:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/19 13:15:17 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/19 13:14:48 | 00,027,768 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/08/19 13:14:48 | 00,003,914 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/19 13:10:39 | 01,126,110 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/19 13:10:38 | 00,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 13:10:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/19 13:03:53 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/19 13:03:53 | 00,000,992 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 13:03:51 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/19 13:03:50 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/19 13:03:50 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/19 13:03:45 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/19 13:03:45 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2004/08/19 13:03:44 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/19 13:03:44 | 00,015,937 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/19 13:03:44 | 00,014,073 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/19 13:03:44 | 00,006,212 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/19 13:03:43 | 00,003,030 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/19 13:03:43 | 00,002,994 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/19 13:03:43 | 00,001,293 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/19 13:03:43 | 00,000,363 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/19 13:03:40 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/19 13:03:40 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/19 13:03:40 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/19 13:03:40 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/19 13:03:40 | 00,034,000 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/19 13:03:40 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/19 13:03:40 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/19 13:03:40 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/19 13:03:40 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/19 13:03:40 | 00,027,916 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/19 13:03:39 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2004/08/19 13:03:37 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/19 13:03:37 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/19 13:03:37 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/19 13:03:35 | 00,020,727 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2004/08/19 13:03:33 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/19 13:03:33 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/19 13:03:32 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/19 13:03:30 | 00,004,912 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/19 13:03:28 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/19 13:03:28 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/19 13:03:16 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/19 13:03:16 | 00,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/19 13:03:16 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/19 13:03:14 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/19 13:03:14 | 00,009,037 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 17:47:16 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1997/08/28 23:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/28 23:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/08/28 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/28 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/28 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/05 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2009/01/20 18:16:14 | 00,001,536 | ---- | M] () MD5=58B81BFA8841E41639BDD81A7FEE2B8E -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2004/08/05 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/05 12:00:00 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/05 12:00:00 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/05 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/05 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2006/10/10 13:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\R130118\iastor.sys
[2006/10/10 13:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\i386\iaStor.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2009/11/22 11:44:39 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\cmdcons\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 26/11/2009 08:36:37 - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\isabelle\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,22% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,39 Gb Total Space | 59,41 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SECRETARIAT
Current User Name: isabelle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0017040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18A59CF2-76D3-4031-A380-6B05F4A9B190}" = PowerArchiver 2009 French
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{27148014-3B0A-402B-8130-6B056357D12D}" = BitDefender Internet Security 2009
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193FE-6B37-11D5-B7D2-00AA00A204F1}" = Extension Système de Microsoft Money
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E7298FDF-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OELauncher" = Outlook Express Launcher 2.2
"Office8.0" = Microsoft Office 97 Professional
"SearchAssist" = SearchAssist
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Utilitaires LAN-Fax" = Utilitaires LAN-Fax
"Vade Retro" = Vade Retro Outlook, Outlook Express, Windows Mail (Vista)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/12/2008 03:30:02 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
sockspy.dll, version 0.0.0.0, adresse de défaillance 0x0000104a.
Error - 11/12/2008 03:46:00 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x00018fea.
Error - 11/12/2008 03:47:10 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 11/12/2008 03:47:13 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 126906962.
Error - 11/12/2008 03:47:22 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 129316364.
Error - 15/12/2008 03:40:21 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
sockspy.dll, version 0.0.0.0, adresse de défaillance 0x0000104a.
Error - 15/12/2008 13:44:43 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
sockspy.dll, version 0.0.0.0, adresse de défaillance 0x0000104a.
Error - 15/12/2008 13:45:34 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 15/12/2008 13:45:50 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.2180, adresse de défaillance 0x0001295d.
Error - 15/12/2008 13:46:27 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
[ System Events ]
Error - 23/11/2009 02:51:16 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7000
Description = Le service Service de la passerelle de la couche Application n'a pas
pu démarrer en raison de l'erreur : %%1053
Error - 23/11/2009 03:22:21 | Computer Name = SECRETARIAT | Source = PlugPlayManager | ID = 11
Description = Le périphérique Root\LEGACY_NPF\0000 a disparu du système sans que
sa suppression ait tout d'abord été préparée.
Error - 23/11/2009 04:01:57 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Carte de performance WMI.
Error - 23/11/2009 04:02:30 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7000
Description = Le service Carte de performance WMI n'a pas pu démarrer en raison
de l'erreur : %%1053
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service NVIDIA Display Driver Service s'est terminé de façon inattendue
pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Spouleur d'impression s'est terminé de façon inattendue
pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Intel(R) Matrix Storage Event Monitor s'est terminé de
façon inattendue pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Service de la passerelle de la couche Application s'est
terminé de façon inattendue pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Broadcom ASF IP Monitor s'est terminé de façon inattendue
pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
la 1ème fois.
< End of report >
Merci encore pour ta patience et ton efficacité...
OTL logfile created on: 26/11/2009 08:36:37 - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\isabelle\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,22% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,39 Gb Total Space | 59,41 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SECRETARIAT
Current User Name: isabelle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009/11/26 07:50:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
PRC - [2009/11/16 18:35:43 | 00,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/11/16 18:35:42 | 01,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/10/08 09:30:02 | 00,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/11/30 10:23:00 | 00,148,800 | ---- | M] (ConeXware, Inc.) -- C:\Program Files\PowerArchiver\PASTARTER.EXE
PRC - [2008/05/26 11:19:30 | 01,078,272 | ---- | M] (Goto Software) -- C:\Program Files\Goto Software\Vade Retro\Vaderetro_mgr.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/26 07:39:18 | 00,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/04/26 07:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/21 10:12:52 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/03/17 17:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
========== Modules (SafeList) ==========
MOD - [2009/11/26 07:50:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
MOD - [2008/04/14 03:33:25 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 03:30:54 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/16 18:35:42 | 01,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/08 09:30:02 | 00,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/08/10 13:19:36 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/20 18:16:20 | 00,172,032 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/04/26 07:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel(R)
SRV - [2006/03/21 10:12:52 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/03/17 17:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
========== Driver Services (SafeList) ==========
DRV - [2009/11/22 11:44:39 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/08/25 07:53:40 | 00,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/08/25 07:53:38 | 00,137,224 | ---- | M] (BitDefender LLC) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/04/03 16:49:38 | 00,039,808 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/01/12 11:27:58 | 00,008,832 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2008/10/06 17:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2008/09/02 13:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/05/01 07:09:32 | 00,152,064 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/21 10:12:50 | 03,520,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/20 15:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/05 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/04/24 15:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2001/08/23 17:12:50 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Pilote de carte Intel (R)
DRV - [2001/08/23 17:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell ... bd=1070421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.fr/ig/dell?hl=fr&client=dell ... bd=1070421
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/15 17:26:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:38:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/06/19 11:26:06 | 00,000,000 | ---D | M]
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [VadeRetro Desktop] C:\Program Files\Goto Software\Vade Retro\Vaderetro_mgr.exe (Goto Software)
O4 - HKCU..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE (ConeXware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:18:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 13:05:26 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67839029915156480)
========== Files/Folders - Created Within 30 Days ==========
[2009/11/26 07:50:43 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
[2009/11/24 12:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\isabelle\Bureau\backups
[2009/11/23 09:09:40 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/11/19 17:08:06 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\isabelle\Bureau\HiJackThis.exe
[2009/11/19 16:14:47 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/11/19 15:59:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTM.exe
[2009/11/19 15:56:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/11/18 21:49:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\isabelle\Recent
[2009/11/18 21:48:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/11/26 07:52:51 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C921B3AE-39A4-4E2E-ACF9-A0E581D2557A}.job
[2009/11/26 07:50:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTL.exe
[2009/11/26 07:48:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/26 07:47:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/11/26 07:47:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/26 07:47:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/26 07:47:32 | 21,450,21952 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/25 19:57:32 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/11/25 19:57:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 19:56:38 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\isabelle\NTUSER.DAT
[2009/11/25 19:56:38 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\isabelle\ntuser.ini
[2009/11/24 19:39:17 | 03,758,662 | -H-- | M] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\IconCache.db
[2009/11/24 12:53:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/24 12:51:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/24 12:33:15 | 03,574,677 | R--- | M] () -- C:\Documents and Settings\isabelle\Bureau\ComboFix.exe
[2009/11/23 08:46:01 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\isabelle\Bureau\SDFix.exe
[2009/11/22 11:44:39 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2009/11/21 11:40:13 | 07,540,736 | ---- | M] () -- C:\Documents and Settings\isabelle\Mes documents\Money.mny
[2009/11/19 17:10:53 | 00,000,992 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/19 17:10:53 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/11/19 17:08:06 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\isabelle\Bureau\HiJackThis.exe
[2009/11/19 15:59:05 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\isabelle\Bureau\OTM.exe
[2009/11/19 09:03:26 | 00,000,398 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/11/18 21:49:37 | 00,035,100 | ---- | M] () -- C:\Documents and Settings\isabelle\Mes documents\cc_20091118_214928.reg
[2009/11/18 21:48:26 | 00,001,587 | ---- | M] () -- C:\Documents and Settings\isabelle\Bureau\CCleaner.lnk
[2009/11/17 21:24:20 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 17:13:48 | 00,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 11:06:49 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\isabelle\Mes documents\NH Isabelle musique.doc
[2009/11/05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/28 16:07:15 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
========== Files Created - No Company Name ==========
[2009/11/25 19:57:19 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 08:45:52 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\isabelle\Bureau\SDFix.exe
[2009/11/23 08:06:56 | 03,574,677 | R--- | C] () -- C:\Documents and Settings\isabelle\Bureau\ComboFix.exe
[2009/11/19 17:01:52 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\isabelle\Application Data\wiaservg.log
[2009/11/18 21:49:32 | 00,035,100 | ---- | C] () -- C:\Documents and Settings\isabelle\Mes documents\cc_20091118_214928.reg
[2009/11/18 21:48:25 | 00,001,587 | ---- | C] () -- C:\Documents and Settings\isabelle\Bureau\CCleaner.lnk
[2009/11/18 19:52:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/06/21 16:30:29 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/10/09 15:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/25 16:01:26 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/29 10:58:26 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/07 08:27:13 | 00,000,448 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/04/26 12:45:58 | 00,038,531 | ---- | C] () -- C:\WINDOWS\RicDB.ini
[2007/04/26 12:05:57 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/04/26 09:55:35 | 00,000,743 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/26 09:55:35 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007/04/26 08:56:40 | 03,758,662 | -H-- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\IconCache.db
[2007/04/26 08:56:40 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/04/26 08:56:40 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\isabelle\Local Settings\Application Data\fusioncache.dat
[2007/04/26 08:56:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\isabelle\Application Data\desktop.ini
[2007/04/21 12:31:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/21 12:29:56 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/21 12:11:24 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/04/21 12:09:54 | 00,000,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/10 01:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 13:27:50 | 00,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:18:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/19 13:15:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/19 13:15:17 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/19 13:14:48 | 00,027,768 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/08/19 13:14:48 | 00,003,914 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/19 13:10:39 | 01,126,110 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/19 13:10:38 | 00,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 13:10:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/19 13:03:53 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/19 13:03:53 | 00,000,992 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 13:03:51 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/19 13:03:50 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/19 13:03:50 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/19 13:03:45 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/19 13:03:45 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2004/08/19 13:03:44 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/19 13:03:44 | 00,015,937 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/19 13:03:44 | 00,014,073 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/19 13:03:44 | 00,006,212 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/19 13:03:43 | 00,003,030 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/19 13:03:43 | 00,002,994 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/19 13:03:43 | 00,001,293 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/19 13:03:43 | 00,000,363 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/19 13:03:40 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/19 13:03:40 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/19 13:03:40 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/19 13:03:40 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/19 13:03:40 | 00,034,000 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/19 13:03:40 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/19 13:03:40 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/19 13:03:40 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/19 13:03:40 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/19 13:03:40 | 00,027,916 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/19 13:03:39 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2004/08/19 13:03:37 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/19 13:03:37 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/19 13:03:37 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/19 13:03:35 | 00,020,727 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2004/08/19 13:03:33 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/19 13:03:33 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/19 13:03:32 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/19 13:03:30 | 00,004,912 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/19 13:03:28 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/19 13:03:28 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/19 13:03:16 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/19 13:03:16 | 00,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/19 13:03:16 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/19 13:03:14 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/19 13:03:14 | 00,009,037 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 17:47:16 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1997/08/28 23:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/28 23:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/08/28 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/28 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/28 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/05 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2009/01/20 18:16:14 | 00,001,536 | ---- | M] () MD5=58B81BFA8841E41639BDD81A7FEE2B8E -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2004/08/05 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/05 12:00:00 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/05 12:00:00 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/05 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/05 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2006/10/10 13:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\R130118\iastor.sys
[2006/10/10 13:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\i386\iaStor.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2009/11/22 11:44:39 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\cmdcons\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[27 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 26/11/2009 08:36:37 - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\isabelle\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,22% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,39 Gb Total Space | 59,41 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SECRETARIAT
Current User Name: isabelle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0017040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18A59CF2-76D3-4031-A380-6B05F4A9B190}" = PowerArchiver 2009 French
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{27148014-3B0A-402B-8130-6B056357D12D}" = BitDefender Internet Security 2009
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193FE-6B37-11D5-B7D2-00AA00A204F1}" = Extension Système de Microsoft Money
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E7298FDF-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OELauncher" = Outlook Express Launcher 2.2
"Office8.0" = Microsoft Office 97 Professional
"SearchAssist" = SearchAssist
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Utilitaires LAN-Fax" = Utilitaires LAN-Fax
"Vade Retro" = Vade Retro Outlook, Outlook Express, Windows Mail (Vista)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/12/2008 03:30:02 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
sockspy.dll, version 0.0.0.0, adresse de défaillance 0x0000104a.
Error - 11/12/2008 03:46:00 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x00018fea.
Error - 11/12/2008 03:47:10 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 11/12/2008 03:47:13 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 126906962.
Error - 11/12/2008 03:47:22 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 129316364.
Error - 15/12/2008 03:40:21 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
sockspy.dll, version 0.0.0.0, adresse de défaillance 0x0000104a.
Error - 15/12/2008 13:44:43 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
sockspy.dll, version 0.0.0.0, adresse de défaillance 0x0000104a.
Error - 15/12/2008 13:45:34 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 15/12/2008 13:45:50 | Computer Name = SECRETARIAT | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.2180, adresse de défaillance 0x0001295d.
Error - 15/12/2008 13:46:27 | Computer Name = SECRETARIAT | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
[ System Events ]
Error - 23/11/2009 02:51:16 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7000
Description = Le service Service de la passerelle de la couche Application n'a pas
pu démarrer en raison de l'erreur : %%1053
Error - 23/11/2009 03:22:21 | Computer Name = SECRETARIAT | Source = PlugPlayManager | ID = 11
Description = Le périphérique Root\LEGACY_NPF\0000 a disparu du système sans que
sa suppression ait tout d'abord été préparée.
Error - 23/11/2009 04:01:57 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Carte de performance WMI.
Error - 23/11/2009 04:02:30 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7000
Description = Le service Carte de performance WMI n'a pas pu démarrer en raison
de l'erreur : %%1053
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service NVIDIA Display Driver Service s'est terminé de façon inattendue
pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Spouleur d'impression s'est terminé de façon inattendue
pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Intel(R) Matrix Storage Event Monitor s'est terminé de
façon inattendue pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Service de la passerelle de la couche Application s'est
terminé de façon inattendue pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Broadcom ASF IP Monitor s'est terminé de façon inattendue
pour la 1ème fois.
Error - 24/11/2009 07:38:38 | Computer Name = SECRETARIAT | Source = Service Control Manager | ID = 7034
Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
la 1ème fois.
< End of report >
Merci encore pour ta patience et ton efficacité...
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Re: Un problème avec Security tools..
le 26 Nov 2009 09:37
Bonjour,tu as bien travaillé,en attendant que je vérifie tout ça,pour t'avancer tu peut nettoyer ton cahe Java avec log:
Télécharge JavaRA (de Paul McLain et Fred de Vries)
Pour Vista : Clic-droit sur 
setup et choisis "Exécuter en tant qu'administrateur".
Aide en images
Décompresse le fichier sur ton Bureau (clic droit > Extraire tout)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-Clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher).
Clique sur Effacer les anciennes versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Ferme l'application.
Poste le contenu du rapport C:\JavaRa.log.
A+
Télécharge JavaRA (de Paul McLain et Fred de Vries) Pour Vista : Clic-droit sur setup et choisis "Exécuter en tant qu'administrateur". Aide en images Décompresse le fichier sur ton Bureau (clic droit > Extraire tout) Double-clique sur le répertoire JavaRa obtenu. Puis double-Clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher).Clique sur Effacer les anciennes versions. Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok. Ferme l'application. Poste le contenu du rapport C:\JavaRa.log.A+
-
Jypalou - Expert(e)
- Messages: 1583
- Inscription: 06 Oct 2009 20:56
- Localisation: Narbonne
Re: Un problème avec Security tools..
le 27 Nov 2009 07:58
avaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Nov 27 07:57:38 2009
Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Documents and Settings\isabelle\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\isabelle\Application Data\Sun\Java\jre1.6.0_12
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
------------------------------------
Finished reporting.
et voili et voila !!
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Nov 27 07:57:38 2009
Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Documents and Settings\isabelle\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\isabelle\Application Data\Sun\Java\jre1.6.0_12
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
------------------------------------
Finished reporting.
et voili et voila !!
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Re: Un problème avec Security tools..
le 27 Nov 2009 08:12
Bonjour maintenant c'est propre
Fait ceci
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu as copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :
Une fenêtre bleue va apparaître ,tape 1 puis valide .(il se peut qu'il se lance directement)
Ton Bureau va disparaître à plusieurs reprises, pas d'inquiétude c'est normal,
ne touche surtout à rien pendant le scan de Combofix.
Une fois le scan terminé, poste le contenu du rapport obtenu.
A+
Fait ceci
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
KillAll::
ADS::
C:\Documents and Settings\All Users\Application Data\TEMP
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu as copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :
Une fenêtre bleue va apparaître ,tape 1 puis valide .(il se peut qu'il se lance directement)
Ton Bureau va disparaître à plusieurs reprises, pas d'inquiétude c'est normal,
ne touche surtout à rien pendant le scan de Combofix. Une fois le scan terminé, poste le contenu du rapport obtenu.
A+
-
Jypalou - Expert(e)
- Messages: 1583
- Inscription: 06 Oct 2009 20:56
- Localisation: Narbonne
Re: Un problème avec Security tools..
le 27 Nov 2009 09:26
ComboFix 09-11-26.02 - isabelle 27/11/2009 8:48.7.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1618 [GMT 1:00]
Lancé depuis: c:\documents and settings\isabelle\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\isabelle\Bureau\CFScript.txt.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
ADS - TEMP: deleted 125 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\LOG.TXT
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-27 au 2009-11-27 ))))))))))))))))))))))))))))))))))))
.
2009-11-19 15:14 . 2009-11-19 15:14 -------- d-----w- C:\_OTM
2009-11-18 20:48 . 2009-11-18 20:48 -------- d-----w- c:\program files\CCleaner
2009-11-18 12:56 . 2009-11-18 12:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 07:58 . 2007-06-18 07:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-27 06:57 . 2007-04-21 11:25 -------- d-----w- c:\program files\Java
2009-11-27 06:56 . 2007-04-26 11:00 -------- d-----w- c:\program files\PowerArchiver
2009-11-26 09:29 . 2007-04-21 11:11 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-25 14:55 . 2004-08-19 12:03 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 14:55 . 2004-08-19 12:03 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-23 15:46 . 2009-07-09 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 14:42 . 2009-10-23 14:42 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2009-02-27 15:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-07-09 07:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-07-09 07:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2004-08-19 12:03 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-23_16.11.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 07:59 . 2009-11-27 07:59 16384 c:\windows\Temp\Perflib_Perfdata_124.dat
+ 2007-04-21 11:23 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2007-04-21 11:23 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2004-08-19 12:03 . 2009-10-14 06:51 71732 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 71732 c:\windows\system32\perfc009.dat
+ 2009-11-19 16:18 . 2009-11-27 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-26 07:51 . 2009-11-27 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-11-18 18:51 . 2009-11-27 07:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 442466 c:\windows\system32\perfh009.dat
- 2004-08-19 12:03 . 2009-10-14 06:51 442466 c:\windows\system32\perfh009.dat
+ 2004-08-19 12:09 . 2009-11-12 16:13 119744 c:\windows\system32\FNTCACHE.DAT
- 2004-08-19 12:09 . 2009-08-16 15:09 119744 c:\windows\system32\FNTCACHE.DAT
- 2009-02-27 15:32 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2009-02-27 15:32 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:51 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-19 12:03 . 2008-04-14 02:33 701440 c:\windows\system32\dllcache\msxml2.dll
+ 2009-10-23 12:38 . 2009-11-27 07:59 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-23 12:38 . 2009-10-23 14:33 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-02-20 04:32 . 2008-06-20 11:59 361600 c:\windows\ServicePackFiles\i386\tcpip.sys
+ 2009-11-04 16:00 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 16:00 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2008-07-09 15:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
+ 2008-01-09 16:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB941644$\tcpip.sys
+ 2009-03-02 07:50 . 2008-06-20 11:59 361600 c:\windows\$NtServicePackUninstall$\tcpip.sys
+ 2007-10-30 16:53 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2006-04-20 12:18 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
+ 2009-02-27 15:32 . 2009-08-14 15:13 1850752 c:\windows\system32\win32k.sys
+ 2008-08-29 19:06 . 2009-07-31 09:03 1372672 c:\windows\system32\msxml6.dll
+ 2004-08-19 12:03 . 2009-07-31 04:33 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-19 12:03 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll
+ 2008-10-15 07:29 . 2009-08-14 15:13 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2009-02-20 04:33 . 2009-07-31 09:03 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-10-19 16:23 . 2009-07-31 04:33 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-07-28 03:28 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-04 16:00 . 2009-08-29 07:56 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2007-04-26 09:50 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2008-11-30 148800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2006-04-26 143360]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-05-26 1078272]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-28 111376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 15:52 104456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-11-27 c:\windows\Tasks\User_Feed_Synchronization-{C921B3AE-39A4-4E2E-ACF9-A0E581D2557A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: {E396DADF-478E-43B8-94F6-5228AE293B91} = 80.10.246.2,80.10.246.129
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 09:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DD72F6]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9f10852
\Driver\iaStor -> iaStor.sys @ 0xb9e5bf80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d4fbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d5ca21
SendHandler -> NDIS.sys @ 0xb9d3a87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-27 09:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-27 08:09
ComboFix2.txt 2009-11-24 12:00
ComboFix3.txt 2009-11-23 07:34
ComboFix4.txt 2009-11-18 19:21
ComboFix5.txt 2009-11-27 07:44
Avant-CF: 63 787 749 376 octets libres
Après-CF: 63 768 186 880 octets libres
- - End Of File - - 754B6C5EEA8EF23BB39987FFA31E0EFA
voili voilou !!
Je dois avouer que ce security tools me gave pas mal, c'est au moins la 5ème fois qu'il revient et je me dis que vu que je n'avais pas fait tout ça les autres fois (juste 1 mbam et 1 combo) les autres fois ça avait suffi pour ne plus le voir apparaitre mais je ne l'avais certainement pas éradiquer comme il fallait (résultat tous les 15 jours - 3 semaines il revenait)... j'espère que cette fois ça durera plus longtemps...
Je sais aussi que le problème de cet ordi vient de l'utilisateur (mon chef navigue sur des sites X et je ne sais ou et c'est évident que c'est là qu'il attrape tout ça mais rien à faire il continue !!!) depuis le temps j'arrive parfois à me débrouiller pour remettre en ordre mais d'autre fois je cale !! et surtout comme je ne connais pas toutes les manips je dois d'une fois sur l'autre laisser des bouts de virus trainer...
merci encore pour ton aide ..
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1618 [GMT 1:00]
Lancé depuis: c:\documents and settings\isabelle\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\isabelle\Bureau\CFScript.txt.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
ADS - TEMP: deleted 125 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\LOG.TXT
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-27 au 2009-11-27 ))))))))))))))))))))))))))))))))))))
.
2009-11-19 15:14 . 2009-11-19 15:14 -------- d-----w- C:\_OTM
2009-11-18 20:48 . 2009-11-18 20:48 -------- d-----w- c:\program files\CCleaner
2009-11-18 12:56 . 2009-11-18 12:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 07:58 . 2007-06-18 07:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-27 06:57 . 2007-04-21 11:25 -------- d-----w- c:\program files\Java
2009-11-27 06:56 . 2007-04-26 11:00 -------- d-----w- c:\program files\PowerArchiver
2009-11-26 09:29 . 2007-04-21 11:11 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-25 14:55 . 2004-08-19 12:03 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 14:55 . 2004-08-19 12:03 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-23 15:46 . 2009-07-09 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 14:42 . 2009-10-23 14:42 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2009-02-27 15:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-07-09 07:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-07-09 07:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2004-08-19 12:03 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-23_16.11.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 07:59 . 2009-11-27 07:59 16384 c:\windows\Temp\Perflib_Perfdata_124.dat
+ 2007-04-21 11:23 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2007-04-21 11:23 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2004-08-19 12:03 . 2009-10-14 06:51 71732 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 71732 c:\windows\system32\perfc009.dat
+ 2009-11-19 16:18 . 2009-11-27 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-26 07:51 . 2009-11-27 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-11-18 18:51 . 2009-11-27 07:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-04-26 07:51 . 2009-10-23 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-19 12:03 . 2009-10-25 14:55 442466 c:\windows\system32\perfh009.dat
- 2004-08-19 12:03 . 2009-10-14 06:51 442466 c:\windows\system32\perfh009.dat
+ 2004-08-19 12:09 . 2009-11-12 16:13 119744 c:\windows\system32\FNTCACHE.DAT
- 2004-08-19 12:09 . 2009-08-16 15:09 119744 c:\windows\system32\FNTCACHE.DAT
- 2009-02-27 15:32 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2009-02-27 15:32 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:51 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-19 12:03 . 2008-04-14 02:33 701440 c:\windows\system32\dllcache\msxml2.dll
+ 2009-10-23 12:38 . 2009-11-27 07:59 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-23 12:38 . 2009-10-23 14:33 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-02-20 04:32 . 2008-06-20 11:59 361600 c:\windows\ServicePackFiles\i386\tcpip.sys
+ 2009-11-04 16:00 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 16:00 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2008-07-09 15:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
+ 2008-01-09 16:00 . 2008-06-20 11:59 361600 c:\windows\$NtUninstallKB941644$\tcpip.sys
+ 2009-03-02 07:50 . 2008-06-20 11:59 361600 c:\windows\$NtServicePackUninstall$\tcpip.sys
+ 2007-10-30 16:53 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2006-04-20 12:18 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
+ 2009-02-27 15:32 . 2009-08-14 15:13 1850752 c:\windows\system32\win32k.sys
+ 2008-08-29 19:06 . 2009-07-31 09:03 1372672 c:\windows\system32\msxml6.dll
+ 2004-08-19 12:03 . 2009-07-31 04:33 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-19 12:03 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll
+ 2008-10-15 07:29 . 2009-08-14 15:13 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2009-02-20 04:33 . 2009-07-31 09:03 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-10-19 16:23 . 2009-07-31 04:33 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-07-28 03:28 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-04 16:00 . 2009-08-29 07:56 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2007-04-26 09:50 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2008-11-30 148800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2006-04-26 143360]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-05-26 1078272]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-28 111376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 15:52 104456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-11-27 c:\windows\Tasks\User_Feed_Synchronization-{C921B3AE-39A4-4E2E-ACF9-A0E581D2557A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: {E396DADF-478E-43B8-94F6-5228AE293B91} = 80.10.246.2,80.10.246.129
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 09:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DD72F6]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9f10852
\Driver\iaStor -> iaStor.sys @ 0xb9e5bf80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d4fbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d5ca21
SendHandler -> NDIS.sys @ 0xb9d3a87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-27 09:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-27 08:09
ComboFix2.txt 2009-11-24 12:00
ComboFix3.txt 2009-11-23 07:34
ComboFix4.txt 2009-11-18 19:21
ComboFix5.txt 2009-11-27 07:44
Avant-CF: 63 787 749 376 octets libres
Après-CF: 63 768 186 880 octets libres
- - End Of File - - 754B6C5EEA8EF23BB39987FFA31E0EFA
voili voilou !!
Je dois avouer que ce security tools me gave pas mal, c'est au moins la 5ème fois qu'il revient et je me dis que vu que je n'avais pas fait tout ça les autres fois (juste 1 mbam et 1 combo) les autres fois ça avait suffi pour ne plus le voir apparaitre mais je ne l'avais certainement pas éradiquer comme il fallait (résultat tous les 15 jours - 3 semaines il revenait)... j'espère que cette fois ça durera plus longtemps...
Je sais aussi que le problème de cet ordi vient de l'utilisateur (mon chef navigue sur des sites X et je ne sais ou et c'est évident que c'est là qu'il attrape tout ça mais rien à faire il continue !!!) depuis le temps j'arrive parfois à me débrouiller pour remettre en ordre mais d'autre fois je cale !! et surtout comme je ne connais pas toutes les manips je dois d'une fois sur l'autre laisser des bouts de virus trainer...
merci encore pour ton aide ..
- Murielle la puce
- Apprenti(e) Expert(e)
- Messages: 421
- Inscription: 28 Juil 2002 21:04
- Localisation: Derrière mon ordi
Sujets similaires
[Réglé] Mauvaise performance SSD NVMEBonjour, j'ai un WDC PC SN530 SDBPNPZ-512G, et quand je fais des benchmark où je ne comprends rien, ils m'indiquent dès résultat pas terrible, y a t'il moyen d'arranger ça ?https://www.userbenchmark.com/UserRun/68904129Merci de votre aide.
Réponses: 9
Problème USB 3 sur mini PC (SSD M2 externe)Bonjour a tous, j'ai un problème sur un mini PC fonctionnant sur un Intel N100. Il y a 2 port usb2 et 2 ports usb3. Mon problème ? Il semble que certains perifériques ne fonctionnent pas correctement (en l'occurence, les boitiers externes pour SSD M2).Si le SSD M2 est connecté sur un USB3 j'obtiens ...
Réponses: 5
[Réglé] Mini PC pour la 4k HDRBonjour (et bonne année a tous ),Actuellement, j'ai mon bon vieux mini PC (I5-4210U) , fonctionnel mais hélas devenu trop limité en performance pour la 4K (j'arrive à lire des fichiers en H264 avec très peu voir pas de lags tout dépend le lecteur) et on parle même pas avec du H265 (saccadé à mort) ...
Réponses: 6
[Réglé] android autoBonjour Je possede un tel. samsung S7 . Je viens d'intaller android auto et chaque fois que je branche mon tel. sur mon vehicule , mon telephone me dit de mettre android à jour. En fouillant un peu sur le net j'ai cru voir que samsung avait arreté les mises à jour sur les S7 . Est ce vrai , sinon co ...
Réponses: 3
[Réglè] HELPBonjour a tous,j'ai voulu désinstaller les pilotes AMD high définition audio device dans le gestionnaire croyant que les pilotes realtek prendraient la place j'ai redémarré mon PC et depuis je n'ai plus de son l?icône est affublée d'une belle croix rouge (aucun haut parleur ou casque n'est branché) ...
Réponses: 7
Son 5.1 [Réglé]Bonjour,J'ouvre un autre post concernant mon souci de sortie son qui est désespérément figé sur "Stéréo". Mon PC Assemblé par mes soins possède une Carte Mère Gigabyte B550M DS3H "affublée" d'une carte Graphique AMD RX6600 Pulse. Mon PC est relié de ma carte graphique à mon TV à ...
Réponses: 3
[Réglé] Fenêtre intempestive Powershell au démarrageBonjour,Je m'ajoute à la longue liste des victimes de la fenêtre pop-up bleue qui s'ouvre et qui se ferme à chaque connexion de session, et quelques fois après.J'ai passé les antimalware et ESET... mais rien à faire.Je possède un Lenovo TrigKey AZW S3 en AMD Ryzen 7 qui tourne sur W11 64bits.je vous ...
Réponses: 11
Qui est en ligne
Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 18 invités
|
.: Nous contacter :: Flux RSS :: Données personnelles :. |