LiliChan

  1. I finally deleted it manually in safe mode and the problem is solved! Thanks again!
  2. So I did all of that, and yet the MSN icon is still there... In the System Configuration Utility, it appears like this: msmsgs "C:\ProgramFiles\Messenger\msmsgs.exe"/backround It is apparently not WLM but MSN, or a virus passing itself off as it! Here is the ComboFix report generated by the last step:
  3. The machine seems more responsive (although still very slow at startup - I imagine the memory has something to do with it!) but one small bug remains. There is no way to uninstall Windows Live Messenger. The icon stays active whatever I do, it is impossible to quit the app, and it does not appear in Add/Remove Programs...
  4. As for Kaspersky, personally, I don't like it at all. I find it too heavy (especially for this machine T_T). However, I can't change it because it isn't my computer... Otherwise, I would have gone for Antivir, which I particularly like. Is that a good choice? I can always try to convince the computer's owner to switch... In any case, thanks again for your help!
  5. Here is the OTL report: And the ComboFix report:
  6. OTL:
[Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell - The Official Site | Dell UK IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Orange : téléphones, forfaits, Internet, actualité, sport, video IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.fr" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 09:15:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/11 09:15:45 | 000,000,000 | ---D | M] [2010/08/02 09:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\accueil-1\Application Data\Mozilla\Extensions [2010/08/02 09:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\accueil-1\Application Data\Mozilla\Firefox\Profiles\zcz0l53h.default\extensions [2011/01/12 09:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/03/04 15:52:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/01/11 09:15:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\amazon-france.xml [2011/01/11 09:15:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2011/01/11 09:15:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2006/09/10 12:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2011/01/11 09:15:30 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2011/01/11 09:15:30 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} http://support.jvs.fr/inquiero/mod/setup/ntractivex118_24.cab (NTR ActiveX 1.1.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\accueil-1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\accueil-1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/18 14:31:57 | 000,000,560 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========
[2011/01/12 11:16:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\accueil-1\Bureau\OTL.exe
[2011/01/12 10:13:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\accueil-1\Recent
[2011/01/12 09:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/11 16:21:41 | 000,000,000 | R--D | C] -- G:\Ma musique
[2011/01/07 13:47:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\accueil-1\Menu Démarrer\Programmes\Outils d'administration
[2011/01/07 10:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\RegScrubXP
[2011/01/07 10:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/07 09:25:30 | 000,000,000 | ---D | C] -- G:\Téléchargements
[2011/01/07 09:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/07 09:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\accueil-1\Application Data\Malwarebytes
[2010/12/15 09:54:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 09:51:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 G:\*.tmp files -> G:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/01/12 11:17:02 | 000,879,047 | ---- | M] () -- C:\Documents and Settings\accueil-1\Bureau\SecurityCheck.exe
[2011/01/12 11:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\accueil-1\Bureau\OTL.exe
[2011/01/12 09:05:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/12 09:05:53 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/01/12 09:05:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 17:19:06 | 013,287,712 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/01/11 17:19:06 | 001,006,112 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/01/11 17:19:06 | 000,180,056 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/01/11 17:19:06 | 000,097,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/01/11 17:02:19 | 001,676,554 | ---- | M] () -- G:\Sans titre.bmp
[2011/01/11 14:45:49 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\accueil-1\.recently-used.xbel
[2011/01/11 09:23:40 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010/12/30 16:29:51 | 000,019,456 | ---- | M] () -- G:\Doc1.doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 11:41:59 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 11:04:52 | 000,029,696 | ---- | M] () -- G:\Classeur1.xls!!.xls
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 G:\*.tmp files -> G:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/01/12 11:17:00 | 000,879,047 | ---- | C] () -- C:\Documents and Settings\accueil-1\Bureau\SecurityCheck.exe
[2011/01/11 17:02:18 | 001,676,554 | ---- | C] () -- G:\Sans titre.bmp
[2011/01/11 14:45:49 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\accueil-1\.recently-used.xbel
[2010/12/30 16:29:51 | 000,019,456 | ---- | C] () -- G:\Doc1.doc
[2010/12/14 17:03:06 | 000,029,696 | ---- | C] () -- G:\Classeur1.xls!!.xls
[2010/10/13 12:41:58 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\accueil-1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 09:13:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/21 14:13:34 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP23.INI
[2010/06/17 08:31:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010/06/15 10:06:33 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\accueil-1\Local Settings\Application Data\fusioncache.dat
[2009/01/02 14:01:32 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\Vbis4032.dll
[2008/10/29 10:10:06 | 000,000,075 | ---- | C] () -- C:\WINDOWS\Navigma.INI
[2007/11/19 17:32:33 | 000,000,344 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2007/10/10 12:06:06 | 000,000,468 | ---- | C] () -- C:\WINDOWS\WMCONNEX.INI
[2006/11/23 16:31:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2006/08/16 10:06:07 | 000,000,020 | ---- | C] () -- C:\WINDOWS\version.ini
[2006/01/19 08:57:04 | 000,000,300 | ---- | C] () -- C:\WINDOWS\MdFdm.ini
[2005/07/19 14:04:08 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2005/07/19 14:04:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1850.ini
[2005/05/27 08:57:43 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO6050.INI
[2005/05/19 11:06:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/05/19 09:11:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\WinDev.ini
[2005/05/13 09:12:13 | 000,000,098 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/05/13 09:12:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/05/13 09:12:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/05/13 09:12:13 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/05/13 09:12:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw6050.ini
[2005/05/13 09:12:11 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/05/13 09:12:11 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/05/13 09:12:02 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/05/13 09:12:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/05/13 09:12:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/05/12 15:03:12 | 000,000,150 | ---- | C] () -- C:\WINDOWS\jedit.ini
[2005/05/12 14:13:19 | 000,000,110 | ---- | C] () -- C:\WINDOWS\WD.INI
[2005/04/19 20:43:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/19 20:35:03 | 000,000,794 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/19 20:15:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2005/04/19 20:15:32 | 000,000,446 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/19 13:27:50 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:14:48 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 13:10:38 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/30 07:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/10/18 14:31:57 | 000,000,560 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 09:23:40 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2004/08/19 18:36:32 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/19 13:18:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/19 20:17:24 | 000,003,749 | RH-- | M] () -- C:\dell.sdr
[2005/10/19 13:35:59 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/19 13:18:18 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/19 13:18:18 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007/04/17 17:23:12 | 000,001,206 | ---- | M] () -- C:\nagent_log.txt
[2004/08/19 18:43:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/04 16:08:33 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2011/01/12 09:05:05 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[1997/06/30 09:31:00 | 000,000,035 | ---- | M] () -- C:\PL.BAT

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 03:33:24 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2004/08/19 18:42:33 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/14 03:33:33 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2008/04/14 03:33:33 | 000,413,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcp60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/10/19 15:31:20 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/10/19 13:19:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2005/10/19 15:31:20 | 019,660,800 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/10/19 15:31:20 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/11/02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-07 08:42:06

< End of report >

Extras :

OTL Extras logfile created on: 12/01/2011 12:55:18 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\accueil-1\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

510,00 Mb Total Physical Memory | 117,00 Mb Available Physical Memory | 23,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,42 Gb Total Space | 46,30 Gb Free Space | 62,22% Space Free | Partition Type: NTFS
Drive G: | 189,91 Gb Total Space | 85,46 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
Drive Z: | 74,43 Gb Total Space | 67,23 Gb Free Space | 90,33% Space Free | Partition Type: NTFS

Computer Name: ACCUEIL1 | User Name: accueil-1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"15000:UDP" = 15000:UDP:LocalSubNet:Enabled:Kaspersky Administration Kit
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"15000:UDP" = 15000:UDP:LocalSubNet:Enabled:Kaspersky Administration Kit
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0011040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000
"{0017040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf03
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1E0FF527-971B-4BBF-83D1-987E8DEE437D}" = OpenOffice.org 2.4
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Séries MF4100 de Canon
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Gestionnaire de contacts professionnels pour Outlook 2003
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}" = Kaspersky Network Agent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{91CA040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf03
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}" = Kaspersky Network Agent
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RegScrubXP_is1" = RegScrubXP 3.25
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"SuperCopier2" = SuperCopier2
"Utilitaires LAN-Fax" = Utilitaires LAN-Fax
"VLC media player" = VLC media player 1.0.5
"Votre Généalogie" = Votre Généalogie
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/11/2010 06:47:35 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.17091, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 23/11/2010 12:41:14 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée EXCEL.EXE, version 11.0.8328.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/11/2010 10:52:22 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.17091, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 04/12/2010 11:58:29 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 9.0.0.2823, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 10/12/2010 12:23:43 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée Scribus.exe, version 1.3.3.14, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/12/2010 12:00:11 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 9.0.0.2823, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 05/01/2011 10:44:30 | Computer Name = ACCUEIL1 | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l'erreur : Données non valides.

Error - 11/01/2011 12:08:41 | Computer Name = ACCUEIL1 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.17093, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ Kaspersky Event Log Events ]
Error - 20/04/2007 03:41:35 | Computer Name = P_ACCUEIL01 | Source = klnagent | ID = 1
Description = RtpState replication failed Product ='KAVWKS6' Version ='6.0.0.0' Error information: 1186/0 (Object not found), O:\PPP\Connector\cnt_csc.cpp, 134

[ System Events ]
Error - 05/11/2010 06:05:14 | Computer Name = ACCUEIL1 | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{3E72BDB7-8A0B-4E98-AED4-6375B68A64CE}. L'explorateur secondaire s'arrête.

Error - 07/12/2010 19:43:48 | Computer Name = ACCUEIL1 | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{3E72BDB7-8A0B-4E98-AED4-6375B68A64CE}. L'explorateur secondaire s'arrête.

Error - 07/01/2011 04:44:08 | Computer Name = ACCUEIL1 | Source = Windows Update Agent | ID = 20
Description = Échec de l'installation : l'installation de la mise à jour suivante a échoué avec l'erreur 0x80070643 : Internet Explorer 8 pour Windows XP :.

Error - 07/01/2011 08:18:23 | Computer Name = ACCUEIL1 | Source = Service Control Manager | ID = 7034
Description = Le service Application Updater s'est terminé de façon inattendue pour la 1ème fois.

Error - 07/01/2011 08:50:07 | Computer Name = ACCUEIL1 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : IntelIde

Error - 11/01/2011 04:14:27 | Computer Name = ACCUEIL1 | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 11/01/2011 04:14:28 | Computer Name = ACCUEIL1 | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes. NtpClient n'a pas de source de temps précis.

Error - 11/01/2011 04:14:44 | Computer Name = ACCUEIL1 | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 11/01/2011 04:14:44 | Computer Name = ACCUEIL1 | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes. NtpClient n'a pas de source de temps précis.

< End of report >

And SecurityCheck:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Kaspersky Anti-Virus 2009
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 11
Java 6 Update 2
Java 6 Update 4
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 8.1.2 - Français
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kaspersky Lab NetworkAgent klnagent.exe
``````````End of Log````````````
  7. Thank you for helping me! That's really kind! So here are the reports:

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5506

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/01/2011 11:38:41
mbam-log-2011-01-12 (11-38-41).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 142692
Temps écoulé: 6 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
  8. Hello everyone! I've just been given a new PC at work and it is extremely slow... MSN (which I'd like to remove because I don't use it) was installed but was certainly not removed properly, and it shows up every time the PC starts. There's no way to get rid of it even after disabling it in msconfig... Malwarebytes detected some malware but, once again, it's impossible to remove it... In short, it's unbelievably slow, it's buggy, and it's anything but clean... So I'm looking for the rescuer who will agree to help the total noob that I am and spare me from having to reformat... Thanks in advance!