Posts by plongeelixir

  1. Hello everyone,

    Following a Trojan virus (which Kaspersky detected), my computer started getting very slow a week ago, and for the past two days the desktop wallpaper no longer appears. I don't know where the virus came from, and Spybot, Malwarebytes and Kaspersky no longer detect it. Yet the symptoms are still there. So I'm calling on your genius :P

    I carried out the initial procedure indicated, and here are my reports:

    - the Malwarebytes report:

     

    Malwarebytes' Anti-Malware 1.45

    www.malwarebytes.org

     

    Version de la base de données: 3991

     

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

     

    15/04/2010 19:58:57

    mbam-log-2010-04-15 (19-58-57).txt

     

    Type d'examen: Examen rapide

    Elément(s) analysé(s): 110881

    Temps écoulé: 4 minute(s), 26 seconde(s)

     

    Processus mémoire infecté(s): 0

    Module(s) mémoire infecté(s): 0

    Clé(s) du Registre infectée(s): 0

    Valeur(s) du Registre infectée(s): 0

    Elément(s) de données du Registre infecté(s): 0

    Dossier(s) infecté(s): 0

    Fichier(s) infecté(s): 0

     

    Processus mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Module(s) mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Clé(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Valeur(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Elément(s) de données du Registre infecté(s):

    (Aucun élément nuisible détecté)

     

    Dossier(s) infecté(s):

    (Aucun élément nuisible détecté)

     

    Fichier(s) infecté(s):

    (Aucun élément nuisible détecté)

     

     

     

    - the ODT reports:

     

    OTL Extras logfile created on: 15/04/2010 20:01:40 - Run 1

    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Do\Bureau

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

     

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free

    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 73,24 Gb Total Space | 10,58 Gb Free Space | 14,45% Space Free | Partition Type: NTFS

    Drive D: | 75,80 Gb Total Space | 28,98 Gb Free Space | 38,23% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Drive L: | 74,53 Gb Total Space | 23,30 Gb Free Space | 31,26% Space Free | Partition Type: NTFS

     

    Computer Name: USER-7546D903F4

    Current User Name: Do

    Logged in as Administrator.

     

    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

     

    ========== Extra Registry (SafeList) ==========

     

     

    ========== File Associations ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

     

    [HKEY_USERS\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Classes\<extension>]

    .html [@ = htmlfile] -- Reg Error: Key error. File not found

     

    ========== Shell Spawning ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" File not found

    jsfile [edit] -- Reg Error: Key error.

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     

    ========== Security Center Settings ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    "DisableMonitoring" = 1

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring" = 1

    "" =

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring" = 1

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    "DisableMonitoring" = 1

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    "DoNotAllowExceptions" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

    "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

     

    ========== Authorized Applications List ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

    "C:\Program Files\iView MediaPro3\IVIEW_MP.exe" = C:\Program Files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia -- File not found

    "C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- File not found

    "C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- File not found

    "C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- File not found

    "C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- File not found

    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found

    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- File not found

    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

    "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)

    "K:\LimeWire.exe" = K:\LimeWire.exe:*:Disabled:LimeWire -- File not found

     

     

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2

    "{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1

    "{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2

    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 19

    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

    "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite

    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

    "{46548E80-040C-0000-7E8A-45000F855001}" = Adobe GoLive CS2

    "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

    "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService

    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

    "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0

    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2

    "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

    "{868F24EB-5CA7-4285-B39B-3617CF37462A}" = D2300_Help

    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

    "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer

    "{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professionel

    "{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français

    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2

    "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

    "{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req

    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific

    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live

    "{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental

    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

    "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0

    "CCleaner" = CCleaner

    "EPSON Scanner" = EPSON Scan

    "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall

    "ERUNT_is1" = ERUNT 1.1j

    "FileZilla Client" = FileZilla Client 3.3.2.1

    "Google Chrome" = Google Chrome

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "HijackThis" = HijackThis 2.0.2

    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

    "ie7" = Windows Internet Explorer 7

    "ie8" = Windows Internet Explorer 8

    "InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010

    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)

    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

    "LMS" = C-Dilla Licence Management System

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

    "Notepad++" = Notepad++

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Lecteur Windows Media 11

    "Windows XP Service" = Windows XP Service Pack 3

    "WinLiveSuite_Wave3" = Installation Windows Live

    "WinRAR archiver" = Archiveur WinRAR

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

     

    ========== Last 10 Event Log Errors ==========

     

    [ Application Events ]

    Error - 31/03/2010 11:29:35 | Computer Name = USER-7546D903F4 | Source = WindowsLiveMessenger | ID = 15728647

    Description =

     

    Error - 31/03/2010 11:29:35 | Computer Name = USER-7546D903F4 | Source = WindowsLiveMessenger | ID = 15728647

    Description =

     

    Error - 04/04/2010 18:02:09 | Computer Name = USER-7546D903F4 | Source = Application Hang | ID = 1002

    Description = Application bloquée rundll32.exe, version 5.1.2600.5512, module bloqué

    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

     

    Error - 13/04/2010 15:55:15 | Computer Name = USER-7546D903F4 | Source = Application Hang | ID = 1002

    Description = Application bloquée setup.exe, version 1.4.0.1, module bloqué hungapp,

    version 0.0.0.0, adresse de blocage 0x00000000.

     

    Error - 13/04/2010 16:20:36 | Computer Name = USER-7546D903F4 | Source = MsiInstaller | ID = 11905

    Description = Product: Ask Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll

    failed to unregister. HRESULT -2147220472. Contact your support personnel.

     

    Error - 13/04/2010 17:17:27 | Computer Name = USER-7546D903F4 | Source = MsiInstaller | ID = 11406

    Description = Product: Microsoft Silverlight -- Error 1406. Could not write value

    UpdateConsentMode to key \SOFTWARE\Microsoft\Silverlight. System error . Verify

    that you have sufficient access to that key, or contact your support personnel.

     

    Error - 13/04/2010 17:17:34 | Computer Name = USER-7546D903F4 | Source = MsiInstaller | ID = 11406

    Description = Product: Microsoft Silverlight -- Error 1406. Could not write value

    UpdateConsentMode to key \SOFTWARE\Microsoft\Silverlight. System error . Verify

    that you have sufficient access to that key, or contact your support personnel.

     

    Error - 13/04/2010 17:17:35 | Computer Name = USER-7546D903F4 | Source = MsiInstaller | ID = 11406

    Description = Product: Microsoft Silverlight -- Error 1406. Could not write value

    UpdateConsentMode to key \SOFTWARE\Microsoft\Silverlight. System error . Verify

    that you have sufficient access to that key, or contact your support personnel.

     

    Error - 13/04/2010 17:17:35 | Computer Name = USER-7546D903F4 | Source = MsiInstaller | ID = 11406

    Description = Product: Microsoft Silverlight -- Error 1406. Could not write value

    UpdateConsentMode to key \SOFTWARE\Microsoft\Silverlight. System error . Verify

    that you have sufficient access to that key, or contact your support personnel.

     

    Error - 13/04/2010 17:17:36 | Computer Name = USER-7546D903F4 | Source = MsiInstaller | ID = 11406

    Description = Product: Microsoft Silverlight -- Error 1406. Could not write value

    UpdateConsentMode to key \SOFTWARE\Microsoft\Silverlight. System error . Verify

    that you have sufficient access to that key, or contact your support personnel.

     

    [ System Events ]

    Error - 14/04/2010 17:30:16 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

    Error - 14/04/2010 17:35:53 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

    Error - 14/04/2010 17:47:18 | Computer Name = USER-7546D903F4 | Source = Windows Update Agent | ID = 20

    Description = Échec de l'installation : l'installation de la mise à jour suivante

    a échoué avec l'erreur 0x8007f0f4 : Mise à jour de sécurité pour Jscript 5.8 pour

    Windows XP (KB971961).

     

    Error - 14/04/2010 17:47:20 | Computer Name = USER-7546D903F4 | Source = Windows Update Agent | ID = 20

    Description = Échec de l'installation : l'installation de la mise à jour suivante

    a échoué avec l'erreur 0x8007f0f4 : Mise à jour de sécurité pour Windows XP (KB981332).

     

    Error - 14/04/2010 17:47:21 | Computer Name = USER-7546D903F4 | Source = Windows Update Agent | ID = 20

    Description = Échec de l'installation : l'installation de la mise à jour suivante

    a échoué avec l'erreur 0x8007f0f4 : Mise à jour pour Windows XP (KB976662).

     

    Error - 15/04/2010 05:15:16 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

    Error - 15/04/2010 05:24:21 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

    Error - 15/04/2010 08:13:34 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

    Error - 15/04/2010 12:21:48 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

    Error - 15/04/2010 13:27:59 | Computer Name = USER-7546D903F4 | Source = Service Control Manager | ID = 7000

    Description = Le service Google Update Service (gupdate) n'a pas pu démarrer en

    raison de l'erreur : %%3

     

     

    < End of report >

     

     

     

    OTL logfile created on: 15/04/2010 20:01:40 - Run 1

    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Do\Bureau

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

     

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free

    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 73,24 Gb Total Space | 10,58 Gb Free Space | 14,45% Space Free | Partition Type: NTFS

    Drive D: | 75,80 Gb Total Space | 28,98 Gb Free Space | 38,23% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Drive L: | 74,53 Gb Total Space | 23,30 Gb Free Space | 31,26% Space Free | Partition Type: NTFS

     

    Computer Name: USER-7546D903F4

    Current User Name: Do

    Logged in as Administrator.

     

    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

     

    ========== Processes (SafeList) ==========

     

    PRC - [2010/04/15 19:36:25 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Do\Local Settings\Temp\Adobelm_Cleanup.0001

    PRC - [2010/04/15 19:35:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Do\Bureau\OTL.exe

    PRC - [2010/04/13 23:21:27 | 000,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

    PRC - [2010/04/04 23:42:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

    PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

    PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2008/03/25 11:29:42 | 000,221,239 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\ECSXPV_5902_012208\WDM\stacsv.exe

    PRC - [2008/03/25 11:26:58 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

    PRC - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

    PRC - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

    PRC - [2006/05/16 23:12:59 | 000,075,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe

    PRC - [2005/04/06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

     

     

    ========== Modules (SafeList) ==========

     

    MOD - [2010/04/15 19:35:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Do\Bureau\OTL.exe

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)

    SRV - File not found [Disabled | Stopped] -- -- (FirebirdServerMAGIXInstance)

    SRV - [2010/04/13 23:21:27 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

    SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)

    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

    SRV - [2008/03/25 11:29:42 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\ECSXPV_5902_012208\WDM\stacsv.exe -- (STacSV)

    SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

    SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)

    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

    SRV - [2005/04/06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

    SRV - [2001/09/10 20:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - [2010/04/14 11:25:42 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

    DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)

    DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

    DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

    DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

    DRV - [2009/01/21 16:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

    DRV - [2008/11/04 19:37:11 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)

    DRV - [2008/05/06 08:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

    DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)

    DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

    DRV - [2008/03/25 11:32:12 | 001,292,888 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

    DRV - [2008/02/15 14:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

    DRV - [2006/09/05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)

    DRV - [2006/09/05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)

    DRV - [2006/09/05 19:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)

    DRV - [2006/09/05 19:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)

    DRV - [2006/09/05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)

    DRV - [2006/09/05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)

    DRV - [2006/09/05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)

    DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)

    DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

    DRV - [2001/09/10 20:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

     

     

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2095689

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 57 AB 0E 4A AF CA 01 [binary data]

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.search.defaultengine: "Ask.com"

    FF - prefs.js..browser.search.defaultenginename: "Ask.com"

    FF - prefs.js..browser.search.defaulturl: "http://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

    FF - prefs.js..browser.search.order.1: "Ask.com"

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - prefs.js..browser.search.suggest.enabled: false

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

     

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 22:18:42 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 22:29:50 | 000,000,000 | ---D | M]

     

    [2009/03/04 18:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Mozilla\Extensions

    [2010/01/17 20:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Mozilla\Extensions\celtx@celtx.com

    [2009/03/04 18:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    [2010/04/13 22:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Mozilla\Firefox\Profiles\0zkw2e2b.default\extensions

    [2009/06/30 00:30:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Do\Application Data\Mozilla\Firefox\Profiles\0zkw2e2b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2010/03/27 19:34:15 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Do\Application Data\Mozilla\Firefox\Profiles\0zkw2e2b.default\searchplugins\askcom.xml

    [2010/04/13 21:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    [2010/01/27 16:49:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

    [2010/03/13 17:18:59 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

    [2010/03/13 17:18:59 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

    [2010/03/13 17:18:59 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

    [2009/10/05 21:40:03 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml

    [2010/02/15 22:49:16 | 000,000,940 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vmndtxtb.xml

    [2010/03/13 17:18:59 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

    [2010/03/24 00:13:39 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

     

    O1 HOSTS File: ([2006/03/02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)

    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

    O3 - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found

    O3 - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)

    O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

    O4 - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()

    O4 - Startup: C:\Documents and Settings\Do\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-2194610944-3195102602-2929692973-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

    O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

    O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\Do\Application Data\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Do\Application Data\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.bmp

    O32 - HKLM CDRom: AutoRun - 0

    O32 - AutoRun File - [2008/03/26 18:33:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2002/01/12 01:38:13 | 000,000,000 | ---- | M] () - L:\AUTOEXEC.BAT -- [ NTFS ]

    O33 - MountPoints2\{1a1f4ec4-3845-11df-ad60-0019214b7108}\Shell\Auto\command - "" = F:\launcher.exe -- File not found

    O33 - MountPoints2\{44c8b7e4-96d0-11de-ab3e-0019214b7108}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     

    NetSvcs: 6to4 - File not found

    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/26 19:18:14 | 000,000,000 | ---D | M]

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

    NetSvcs: WmdmPmSp - File not found

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2010/04/15 19:42:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

    [2010/04/15 19:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Bureau\ERUNT

    [2010/04/15 19:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

    [2010/04/15 19:35:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Do\Bureau\OTL.exe

    [2010/04/15 19:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Mes documents\Mes fichiers reçus

    [2010/04/15 14:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

    [2010/04/15 14:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Mes documents\Téléchargements

    [2010/04/15 14:17:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Do\Recent

    [2010/04/14 23:42:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

    [2010/04/14 22:25:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Do\Mes documents\Ma musique

    [2010/04/14 11:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

    [2010/04/14 11:17:22 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

    [2010/04/14 11:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    [2010/04/14 00:07:43 | 008,101,951 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl

    [2010/04/14 00:07:43 | 002,314,240 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll

    [2010/04/14 00:07:43 | 000,442,433 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray.exe

    [2010/04/14 00:07:43 | 000,221,239 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe

    [2010/04/14 00:07:21 | 000,150,016 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\staco.dll

    [2010/04/14 00:07:11 | 001,292,888 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys

    [2010/04/14 00:07:11 | 000,442,439 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacapi.dll

    [2010/04/14 00:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT

    [2010/04/14 00:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Bureau\IDT

    [2010/04/14 00:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Local Settings\Application Data\Eazel-FR

    [2010/04/14 00:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

    [2010/04/14 00:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Local Settings\Application Data\Conduit

    [2010/04/13 23:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe Systems Shared

    [2010/04/13 17:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

    [2010/04/13 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

    [2010/04/13 16:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Bureau\backups

    [2010/04/13 16:37:36 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Do\Bureau\HiJackThis.exe

    [2010/04/13 16:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    [2010/04/13 14:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\Malwarebytes

    [2010/04/13 14:39:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2010/04/13 14:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    [2010/04/13 14:39:28 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2010/04/13 14:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2010/04/13 14:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

    [2010/04/13 14:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\Yahoo!

    [2010/04/13 14:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2010/04/04 07:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\igraal

    [2010/03/31 17:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

    [2010/03/30 23:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\Dynamique

    [2010/03/30 23:33:17 | 000,000,000 | ---D | C] -- C:\SUPPORT_388945a0cuments and Settings

    [2010/03/30 23:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\Sites

    [2010/03/30 23:33:16 | 000,000,000 | ---D | C] -- C:\Invitécuments and Settings

    [2010/03/30 23:33:16 | 000,000,000 | ---D | C] -- C:\HelpAssistantcuments and Settings

    [2010/03/30 23:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\Classes de site

    [2010/03/30 23:33:16 | 000,000,000 | ---D | C] -- C:\Administrateurcuments and Settings

    [2010/03/30 23:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

    [2010/03/30 23:25:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

    [2010/03/30 23:25:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

    [2010/03/30 23:25:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

    [2010/03/25 21:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Do\Application Data\MP-Manager

    [2009/08/21 16:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

    [2009/08/21 16:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

    [2009/07/22 15:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

    [2009/06/18 22:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\MediaMonkey

    [2009/03/17 11:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

    [2008/07/18 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

    [2008/03/26 18:33:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    [2008/03/26 18:33:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

     

    ========== Files - Modified Within 30 Days ==========

     

    [2010/04/15 19:37:53 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Do\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk

    [2010/04/15 19:35:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Do\Bureau\OTL.exe

    [2010/04/15 19:27:49 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk

    [2010/04/15 19:27:47 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2010/04/15 19:27:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2010/04/15 19:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2010/04/15 18:43:30 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Do\NTUSER.DAT

    [2010/04/15 18:43:30 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Do\ntuser.ini

    [2010/04/15 18:43:23 | 004,847,248 | -H-- | M] () -- C:\Documents and Settings\Do\Local Settings\Application Data\IconCache.db

    [2010/04/15 15:13:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2010/04/15 14:25:52 | 000,020,944 | ---- | M] () -- C:\Documents and Settings\Do\Mes documents\panda final.odt

    [2010/04/14 12:47:06 | 000,012,626 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2010/04/14 11:25:42 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

    [2010/04/14 11:18:40 | 000,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

    [2010/04/14 11:18:39 | 000,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

    [2010/04/13 23:59:44 | 000,413,048 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe

    [2010/04/13 16:46:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Do\Bureau\HijackThis.lnk

    [2010/04/13 14:39:36 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

    [2010/04/13 14:03:44 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Do\Bureau\CCleaner.lnk

    [2010/04/13 14:00:40 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Do\Bureau\HiJackThis.exe

    [2010/04/12 18:38:49 | 000,024,988 | ---- | M] () -- C:\Documents and Settings\Do\Bureau\24570_383642336465_525041465_4375396_6812568_n.jpg

    [2010/04/12 13:16:35 | 000,110,683 | ---- | M] () -- C:\Documents and Settings\Do\Bureau\351568.jpg

    [2010/04/12 13:01:09 | 000,020,497 | ---- | M] () -- C:\Documents and Settings\Do\Bureau\buffalo1.jpg

    [2010/04/01 22:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2010/03/31 17:36:49 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini

    [2010/03/31 17:36:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

    [2010/03/31 17:36:49 | 000,000,216 | RHS- | M] () -- C:\boot.ini

    [2010/03/31 10:48:48 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Do\Application Data\Settings.cfg

    [2010/03/30 23:25:31 | 001,094,430 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

    [2010/03/30 23:25:31 | 000,501,232 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

    [2010/03/30 23:25:31 | 000,432,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2010/03/30 23:25:31 | 000,081,096 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

    [2010/03/30 23:25:31 | 000,067,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2010/03/30 13:37:24 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Do\Local Settings\Application Data\PUTTY.RND

    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2010/03/22 11:47:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

     

    ========== Files Created - No Company Name ==========

     

    [2010/04/15 19:37:53 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Do\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk

    [2010/04/15 12:54:34 | 000,020,944 | ---- | C] () -- C:\Documents and Settings\Do\Mes documents\panda final.odt

    [2010/04/14 11:18:40 | 000,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

    [2010/04/14 11:18:39 | 000,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

    [2010/04/13 16:46:28 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Do\Bureau\HijackThis.lnk

    [2010/04/13 14:39:36 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

    [2010/04/13 14:03:43 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Do\Bureau\CCleaner.lnk

    [2010/04/12 18:38:48 | 000,024,988 | ---- | C] () -- C:\Documents and Settings\Do\Bureau\24570_383642336465_525041465_4375396_6812568_n.jpg

    [2010/04/12 13:16:35 | 000,110,683 | ---- | C] () -- C:\Documents and Settings\Do\Bureau\351568.jpg

    [2010/04/12 13:01:08 | 000,020,497 | ---- | C] () -- C:\Documents and Settings\Do\Bureau\buffalo1.jpg

    [2010/03/30 23:33:17 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Do\Application Data\Settings.cfg

    [2010/03/30 13:37:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Do\Local Settings\Application Data\PUTTY.RND

    [2010/03/22 11:47:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2009/08/06 19:31:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

    [2009/08/06 19:17:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini

    [2009/04/28 16:38:21 | 000,000,246 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini

    [2009/03/20 19:35:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

    [2009/01/19 20:09:53 | 000,007,219 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini

    [2008/11/09 17:19:23 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

    [2008/11/09 17:19:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

    [2008/11/09 17:19:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

    [2008/11/09 17:19:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

    [2008/11/09 17:19:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2008/11/09 17:19:18 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

    [2008/11/09 02:37:50 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

    [2008/11/09 02:37:40 | 000,007,023 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

    [2008/11/04 19:37:13 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS

    [2008/05/26 22:24:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

    [2008/05/14 03:06:36 | 000,012,829 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    [2008/05/14 02:59:56 | 009,175,040 | -H-- | C] () -- C:\Documents and Settings\Do\NTUSER.DAT

    [2008/05/14 02:59:56 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Do\ntuser.dat.LOG

    [2008/05/14 02:59:56 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Do\ntuser.ini

    [2008/05/14 02:59:48 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT

    [2008/05/14 02:59:48 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

    [2008/05/13 21:03:42 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Do\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/03/27 00:11:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

    [2008/03/26 19:00:53 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

    [2006/05/16 08:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

    [2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000082.DLL

     

    ========== LOP Check ==========

     

    [2009/08/06 19:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

    [2009/03/23 14:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

    [2009/03/23 14:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

    [2008/11/11 23:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

    [2008/11/11 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin

    [2010/04/13 17:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

    [2009/08/06 19:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

    [2009/03/23 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

    [2008/11/11 23:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin

    [2010/04/13 15:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

    [2008/10/07 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    [2009/11/04 20:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

    [2009/05/15 00:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    [2009/07/11 17:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Canon

    [2010/03/30 23:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Classes de site

    [2010/03/30 23:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Dynamique

    [2009/08/06 22:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\EPSON

    [2010/04/15 14:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\FileZilla

    [2010/01/17 20:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Greyfirst

    [2008/07/17 21:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\gtk-2.0

    [2010/04/04 07:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\igraal

    [2008/07/03 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\iView

    [2009/03/20 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\MAGIX

    [2010/03/25 22:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\MP-Manager

    [2010/01/27 17:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Notepad++

    [2009/03/27 16:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\OpenOffice.org

    [2010/03/31 10:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Sites

    [2010/04/05 11:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Teleca

    [2009/03/20 16:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\Ulead Systems

    [2009/04/18 16:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Do\Application Data\VSO

     

    ========== Purity Check ==========

     

    ========== Custom Scans ==========

     

    < %SYSTEMDRIVE%\*.exe >

     

    < MD5 for: AGP440.SYS >

    [2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

    [2008/06/08 14:33:04 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

    [2008/06/08 14:33:04 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

    [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

    [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

     

    < MD5 for: ATAPI.SYS >

    [2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

    [2008/06/08 14:33:04 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

    [2008/06/08 14:33:04 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

    [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

    [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    [2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

     

    < MD5 for: EVENTLOG.DLL >

    [2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

    [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

     

    < MD5 for: NETLOGON.DLL >

    [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

    [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

    [2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

     

    < MD5 for: SCECLI.DLL >

    [2006/03/02 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

    [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

     

    < %systemroot%\*. /mp /s >

     

    < %systemroot%\system32\*.dll /lockedfiles >

    [2008/04/14 04:33:33 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

    [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

     

    < %systemroot%\Tasks\*.job /lockedfiles >

     

    ========== Alternate Data Streams ==========

     

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

    < End of report >

     

     

    Thank you very much
