Problème ZoneAlarm Security (Résolu)

[saxaphone]

Bonjour,

 

je reviens sur ce forum, suite à la demande de Tonton57, qui n'a pas pu, malgré son aide précieuse, résoudre mon problème.

 

ci-dessous le lien vers le sujet:

http://forum.zebulon.fr/findpost-t186344-p1561355.html

 

merci d'avance de votre aide.

 

A+ Saxaphone

Modifié le 15 juillet 2011 par saxaphone

[lance_yien]

Bonjour saxaphone,

 

---

Très Important!

 

>>> A faire immédiatement:

- En haut de ce message cliquer sur le bouton "Suivre ce sujet", en choisissant "Notification immédiate" => "Soumettre" tu seras avisé en temps réel pour les réponses apportées à ton sujet et de ce fait, ta machine sera nettoyée dans les meilleurs délais.

Si à la place du bouton "Suivre ce sujet" tu as "Arrêter de suivre ce sujet", c'est que les réglages ont déjà été faits.

- Sauvegarder (en copiant) tous les documents personnels sur un support autre que la partition système: Clé USB, CD/DVD, Disque Dur externe etc.

 

>>> Que faire durant ce nettoyage: Merci de NE PAS utiliser, installer et/ou désinstaller aucun programme à part ceux qui sont proposés à chaque étape ce qui a pour but d'éviter tout problème d'incompatibilité entre les outils.

 

>>> Que faire à la réception de nouvelles instructions:

• Lire la totalité du message.
  
• Certains programmes peuvent créer des problèmes s'ils ne sont pas lancés depuis le Bureau. Aussi, il est demandé de les télécharger et enregistrer DIRECTEMENT sur le Bureau (ou les déplacer avant utilisation par un clic-droit dessus => "Couper" puis clic-droit sur le Bureau => "Coller").
  
• Prendre l'habitude de désactiver tous les programmes de protection au début de chaque nouvelle étape et de les réactiver à la fin.
  
• Procéder toujours dans l'ordre donné et demander des clarifications si nécessaire AVANT de commencer.
  
• NE PAS hésiter à commenter et signaler tout changement (en bien ou en mal) dans le comportement de la machine ou par rapport au problème initial.
  

>>> Comment répondre:

- Cliquer sur le bouton (et non sur car je n'ai pas besoin de relire mes messages précédents).

- Coller le contenu des rapports SANS y ajouter AUCUN formatage de texte (en citation, code, couleur etc...).

 

>>> Ne pas abandonner son sujet avant d'avoir été informé(e) que tout est OK.

---

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et redémarrer la machine en tapotant continuellement la touche F8 ou F5, choisir "Mode sans échec avec prise en charge réseau" en (avec les touches Haut/Bas) et presser la touche "Entrée".

 

Télécharger, sur le Bureau:

• ComboFix© (par sUBs) depuis ici ou ici
• Rkill (par Grinler) depuis un de ces liens:
  
  • Rkill.exe
    
  • Rkill.com
    
  • Rkill.scr

 

>>> Utiliser Rkill: Double-cliquer sur le fichier Rkill. Son seul rôle est de désactiver (jusqu'au nouveau démarrage du PC) certains processus de malware pour débloquer l'utilisation des programmes de désinfection.

- Si le 1er fichier télécharger ne fonctionne pas en essayer un autre.

- Si pour une raison quelconque le PC doit être redémarré avant la fin de ces étapes, accepter et relancer RKill de nouveau.

- Je n'ai pas besoin de voir le rapport qu'il produit.

 

>>> Utiliser ComboFix: Fermer toutes les applications et fenêtres ouvertes, désactiver antivirus/ pare-feu/ antispyware et cliquer ComboFix.exe. Suivre les instructions.

Accepter l'Agrément de la licence et l'installation de la Console de Récupération (proposée sous XP si pas installée).

NE PAS TOUCHER la machine avant la fin (même si les choses semblent ne pas avancer). Et ça peut rester figé très longtemps. Peu importe la couleur de l'écran, PATIENTER.

Quand c'est fini, un rapport (ComboFix.txt) s'affiche. Il est sauvegardé, automatiquement, à la racine de la partition système (généralement C:\)

Poster son contenu.

 

 

Rapports demandés:

• ComboFix.txt

Un changement quelconque?

[saxaphone]

Bonjour Lance_yien

 

Désolé pour ma réponse tardive, mais comme je te l'ai dit, beaucoup de boulot & pas vraiment de temps à consacrer à mon problème d'ordinateur, j'ai enfin pu faire ce que tu m'a demandé.

 

j'ai télécharger les trois version de Rkill, ainsi que Combofix depuis tes liens sur mon bureau.

 

j'ai redémarré en mode sans échec avec prise en charge du réseau.

 

J'ai lancé Rkill.com et à la fin je n'avais plus d’icônes sur le bureau mais j'ai lancé Combofix depuis le gestionnaire de tache.

 

une console s'ouvre mais à la fin, il m'est dit qu'il faut que je désinstalle mon anti virus AVG car Combofix ne fonctionne pas avec AVG installé sur l'ordi.

 

Dois-je réellement désinstaller AVG ? et est-ce normale de ne plus avoir aucun icônes, ni la barre de démarrage après avoir lancé Rkill ?

 

merci d'avance & A+

 

Saxaphone

[lance_yien]

Bonjour,

 

Oui, il ne sont pas bien copains tous les deux

 

Pour désinstaller AVG proprement, utiliser AppRemover ( Cliquer sur "Download now" dans la nouvelle page).

décocher "Enable anonymous usage statistic".

Redémarrer la machine.

Ensuite exécuter ComboFix comme indiqué dans mon post précédent (en Mode normal et sans RKill si ça passe).

 

Avant de poster son rapport, imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau Security Check (par screen317) depuis ici ou ici.

Fermer tout et double-cliquer sur "SecurityCheck.exe" (Vista/W7, cliquer-droit dessus => "Exécuter en tant qu'administrateur") pour lancer le programme.

Appuyer sur une touche comme demandé et suivre les indications.

Note: Si un des programmes de sécurité demande la permission d'accéder à Internet depuis dig.exe, acceptez.

Le Rapport checkup.txt s'ouvre à la fin. Poster son contenu.

Ce rapport ne sera pas enregistré automatiquement. Si vous voulez en garder une copie, cliquez sur "Fichier" => "Enregistrer sous", choisissez un endroit (Bureau par exemple) et cliquez sur "Enregistrer" en bas à droite.

Poster son contenu avec celui de ComboFix.

 

Ne réinstalle pas AVG tout de suite on pourrait avoir besoin de ComboFix encore. Va doucement sur le Net en attendant.

Modifié le 10 juillet 2011 par lance_yien

[saxaphone]

Bonsoir Lace_yien,

 

j'ai désinstallé AVG 2011, mais j'avais des reste de AVG 2010, que j'ai du virer manuellement + CCleaner et Regseeker pour nettoyer la base de registre de AVG.

 

Combofix ok, rapport ci-dessous:

 

ComboFix 11-07-07.06 - Saxo 11/07/2011 22:07:06.1.2 - x86

Lancé depuis: c:\documents and settings\Saxo\Bureau\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\SysInfo.dll

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-06-11 au 2011-07-11 ))))))))))))))))))))))))))))))))))))

.

.

2011-07-09 10:59 . 2011-07-09 10:59 -------- d-----w- c:\windows\Internet Logs

2011-07-02 14:43 . 2011-07-02 14:43 -------- d-----w- c:\documents and settings\Saxo\Local Settings\Application Data\WMTools Downloaded Files

2011-07-02 12:12 . 2011-07-02 12:12 -------- d-----w- c:\documents and settings\Saxo\Application Data\Malwarebytes

2011-07-02 12:12 . 2011-07-02 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-02 12:12 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-02 12:12 . 2011-07-02 12:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-02 12:12 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-02 10:59 . 2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe.backup

2011-07-02 10:53 . 2011-07-02 10:53 -------- d-----w- c:\program files\xp-AntiSpy

2011-07-01 17:52 . 2011-07-01 17:52 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-07-01 17:52 . 2011-07-01 17:52 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-07-01 17:52 . 2011-07-01 17:52 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-01 17:52 . 2011-07-01 17:52 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-01 17:52 . 2011-07-01 17:52 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-07-01 17:52 . 2011-07-01 17:52 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-07-01 17:52 . 2011-07-01 17:52 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-07-01 17:52 . 2011-07-01 17:52 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-06-29 16:23 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2011-06-29 16:23 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2011-06-29 16:23 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2011-06-29 16:23 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll

2011-06-29 16:23 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll

2011-06-29 16:23 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2011-06-29 16:23 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2011-06-29 16:20 . 2011-06-29 16:20 -------- d-----w- c:\program files\Electronic Arts

2011-06-29 16:19 . 2011-06-29 16:19 -------- d--h--r- c:\documents and settings\Saxo\Application Data\SecuROM

2011-06-29 16:19 . 2011-06-29 16:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-06-29 11:34 . 2011-06-29 11:34 -------- d-----w- c:\program files\Ad-Remover

2011-06-19 09:18 . 2011-06-19 09:18 -------- d-----w- c:\program files\VS Revo Group

2011-06-15 07:11 . 2011-06-15 07:15 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-15 07:08 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-15 07:08 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-14 09:24 . 2011-06-14 09:24 -------- d-----w- c:\program files\Fichiers communs\Java

2011-06-13 07:28 . 2011-06-13 07:28 -------- d-----w- c:\windows\Sun

2011-06-13 07:27 . 2011-05-04 02:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-13 07:27 . 2011-05-04 02:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-13 07:27 . 2011-05-04 00:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-13 07:27 . 2011-06-14 09:24 -------- d-----w- c:\program files\Java

2011-06-12 18:09 . 2011-06-12 18:09 -------- d-----w- c:\documents and settings\Saxo\Application Data\Media Player Classic

2011-06-12 15:11 . 2011-06-25 11:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-12 10:21 . 2011-07-11 19:35 -------- d-----w- c:\documents and settings\Saxo\Local Settings\Application Data\Temp

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2011-05-21 12:43 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2002-08-29 09:44 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2006-06-23 11:28 671232 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2004-08-19 23:09 81920 ------w- c:\windows\system32\ieencode.dll

2011-04-25 14:47 . 2001-08-28 14:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 14:42 . 2004-08-19 22:56 371200 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2002-08-29 00:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-07-01 17:52 . 2011-07-01 17:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]

.

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-21 671744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit

"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray

"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

"nwiz"=nwiz.exe /install

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe"

"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=

.

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/05/2011 18:57 3712]

R3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [23/07/2004 14:55 46536]

S3 BANG;BANG;\??\c:\docume~1\Saxo\LOCALS~1\Temp\BANG.SYS --> c:\docume~1\Saxo\LOCALS~1\Temp\BANG.SYS [?]

S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.free.fr/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Saxo\Application Data\Mozilla\Firefox\Profiles\uc4c2cpk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.free.fr

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd7dd66&v=7.005.030.004&i=23&tp=ab&iy=&ychte=fr&lng=fr&q=

.

- - - - ORPHELINS SUPPRIMES - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-11 22:08

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-115176313-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-57989841-115176313-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'lsass.exe'(952)

c:\windows\system32\nvappfilter.dll

.

Heure de fin: 2011-07-11 22:09:33

ComboFix-quarantined-files.txt 2011-07-11 20:09

.

Avant-CF: 85 100 142 592 octets libres

Après-CF: 85 064 495 104 octets libres

.

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 1D556BE432DE7B8ECC14CD32A520561A

 

 

 

"SecurityCheck" OK, rapport ci-dessous:

 

 

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 26

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 fr..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

merci & A+

 

Saxaphone

[lance_yien]

Bonjour,

 

>>> Supprimer ComboFix: Cliquer sur Démarrer => Exécuter et saisir (ou copier/ coller) ComboFix /Uninstall (espace entre "ComboFix" et "/Uninstall"). Cliquer sur OK.

Ce qui a pour effet de supprimer ComboFix ainsi que les dossiers/ fichiers qu'il a installé et ré-initialiser les points de restauration.

 

 

>>> Réinstaller AVG

 

 

A 1ère vue (confirmation dans la prochaine étape), ta machine est protégée par NVidia Nforce Network Access Manager (un programme intégrant un pare-feu "Armor firewall"). Lecture ici.

Ton problème serait donc lié à une incompatibilité entre ce programme et ton ZA. Solution? Laisse tomber ce dernier. A moins que tu connaisses le 1er et que tu le désactives.

 

>>> Mises à jour: Toute ancienne version d'un programme quel qu'il soit peut comporter des vulnérabilités susceptibles d'être exploitées pour infecter un PC:

Ta version 6 d'Internet Explorer n'est pas à jour. Cliquer ICI (Pour XP, cliquer sur "Internet Explorer 8"), choisir la langue et le système d'exploitation pour télécharger et installer Internet Explorer (suivre simplement les indications).

--

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau OTL (par OldTimer) depuis ici ou ici.

Brancher et allumer tous les médias amovibles disponibles (DD externe, clés USB etc) et désactiver antivirus/ antispyware...

Fermer toutes les applications et fenêtres ouvertes et double-cliquer sur OTL.exe.

Copiez/ Collez ces lignes (commençant par netsvcs) dans l'espace sous "Personnalisation":

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Sans rien changer, cliquer sur le bouton bleu Analyse et laisser faire.

A la fin du scan, 2 rapports seront créés: OTL.txt (qui s'ouvre dans le bloc-note) et Extras.txt (qui sera minimisé dans la Barre des tâches).

 

Copier/ Coller le contenu de chaque rapport, un seul par message parce qu'ils sont souvent très longs et dépassent la limite autorisée par le forum.

 

 

Rapports demandés:

• OTL.txt
• Extras.txt

[saxaphone]

Bonsoir Lance_yien,

 

Combofix désinstallé OK

internet explorer 8 XP 32 bits installé OK

AVG security 2011 réinstallé OK

 

Ci-dessous rapport OTL:

 

OTL logfile created on: 12/07/2011 18:10:24 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Saxo\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 72,97% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,26% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 79,93 Gb Free Space | 81,85% Space Free | Partition Type: NTFS

Drive D: | 195,31 Gb Total Space | 46,21 Gb Free Space | 23,66% Space Free | Partition Type: NTFS

Drive E: | 172,79 Gb Total Space | 107,82 Gb Free Space | 62,40% Space Free | Partition Type: NTFS

 

Computer Name: PC | User Name: Saxo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/07/12 18:07:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saxo\Bureau\OTL.exe

PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006/09/01 11:01:42 | 000,671,744 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2006/08/03 13:29:02 | 000,244,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

PRC - [2006/08/03 09:44:52 | 000,529,968 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

PRC - [2006/07/19 12:03:56 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe

PRC - [2004/08/06 17:01:42 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/07/12 18:07:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saxo\Bureau\OTL.exe

MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll

MOD - [2006/09/01 10:30:30 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)

SRV - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2008/07/26 17:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2008/07/26 17:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)

DRV - [2008/07/26 17:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/07/26 17:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2006/09/11 13:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006/09/11 13:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/09/11 13:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)

DRV - [2006/09/01 12:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2006/08/21 12:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)

DRV - [2006/07/19 12:29:08 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2006/07/19 12:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2006/07/19 12:27:46 | 000,055,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2006/07/19 12:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2006/03/17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/07/23 14:55:50 | 000,046,536 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sunkfilt62.sys -- (SunkFilt62)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Freebox, la meilleure offre ADSL : Internet, Téléphone, Télévision

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Protection ZoneAlarm Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.free.fr"

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387

FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dd7dd66&v=7.005.030.004&i=23&tp=ab&iy=&ychte=fr&lng=fr&q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 17:40:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 19:53:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/01 19:53:00 | 000,000,000 | ---D | M]

 

[2011/05/21 18:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Saxo\Application Data\Mozilla\Extensions

[2011/07/01 19:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Saxo\Application Data\Mozilla\Firefox\Profiles\uc4c2cpk.default\extensions

[2011/05/22 23:40:46 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Saxo\Application Data\Mozilla\Firefox\Profiles\uc4c2cpk.default\searchplugins\bing.xml

[2011/07/01 19:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/21 20:42:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/06/13 09:27:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/06/14 11:24:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2011/07/12 17:40:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

[2011/07/01 19:52:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/01 19:52:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2011/07/01 19:52:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/07/01 19:52:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2011/07/01 19:52:57 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2011/07/01 19:52:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2011/07/01 19:52:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/07/11 22:08:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Saxo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Saxo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/05/21 14:45:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/12 18:07:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saxo\Bureau\OTL.exe

[2011/07/12 18:04:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Saxo\IETldCache

[2011/07/12 18:02:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Saxo\Recent

[2011/07/12 18:01:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2011/07/12 18:01:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2011/07/12 18:01:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/07/12 17:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Application Data\AVG10

[2011/07/12 17:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG 2011

[2011/07/12 17:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/07/12 17:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2011/07/12 17:33:05 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/07/11 22:16:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/11 22:09:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/07/11 22:06:24 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/07/11 22:04:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/07/11 21:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/07/11 20:53:52 | 006,443,128 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Saxo\Bureau\AppRemover.exe

[2011/07/10 12:56:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Saxo\Menu Démarrer\Programmes\Outils d'administration

[2011/07/09 12:59:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2011/07/02 16:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Local Settings\Application Data\WMTools Downloaded Files

[2011/07/02 14:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Application Data\Malwarebytes

[2011/07/02 14:12:35 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/02 14:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/07/02 14:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/02 14:12:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/02 14:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/02 12:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy

[2011/07/02 12:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Menu Démarrer\Programmes\xp-AntiSpy

[2011/06/29 18:23:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll

[2011/06/29 18:23:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2011/06/29 18:23:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2011/06/29 18:23:15 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll

[2011/06/29 18:23:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2011/06/29 18:23:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2011/06/29 18:23:11 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll

[2011/06/29 18:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Electronic Arts

[2011/06/29 18:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2011/06/29 18:19:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Saxo\Application Data\SecuROM

[2011/06/29 18:19:26 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2011/06/29 18:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Monolith Productions

[2011/06/29 18:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Mes documents\Eidos

[2011/06/29 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover

[2011/06/19 11:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2011/06/19 11:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Menu Démarrer\Programmes\Revo Uninstaller

[2011/06/16 06:40:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/06/15 09:11:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2011/06/15 09:08:51 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/15 09:08:29 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll

[2011/06/15 07:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2011/06/14 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java

[2011/06/14 11:24:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/06/14 11:24:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/06/14 11:24:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/06/13 09:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2011/06/13 09:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2011/06/13 09:27:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/06/13 09:27:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/06/13 09:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/06/13 09:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Application Data\Sun

[2011/06/12 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saxo\Application Data\Media Player Classic

 

========== Files - Modified Within 30 Days ==========

 

[2011/07/12 18:10:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/07/12 18:07:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saxo\Bureau\OTL.exe

[2011/07/12 18:04:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk

[2011/07/12 18:04:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/12 18:04:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2011/07/12 18:04:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2011/07/12 18:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/07/12 17:42:47 | 122,141,391 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/07/12 17:40:48 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG 2011.lnk

[2011/07/11 22:17:11 | 000,879,223 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\SecurityCheck.exe

[2011/07/11 22:08:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/11 22:06:27 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2011/07/11 20:53:57 | 006,443,128 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Saxo\Bureau\AppRemover.exe

[2011/07/11 20:26:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/09 14:45:17 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Saxo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/09 13:58:12 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI

[2011/07/09 13:27:14 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk

[2011/07/08 10:23:34 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2011/07/02 14:12:35 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/07/02 14:12:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/07/02 12:53:06 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk

[2011/07/02 12:53:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\xp-AntiSpy.lnk

[2011/07/01 20:32:12 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\PhotoFiltre.lnk

[2011/06/29 18:26:54 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\SplinterCell.lnk

[2011/06/29 18:26:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\Crysis.lnk

[2011/06/29 18:19:26 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2011/06/29 13:34:34 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\AD-R.lnk

[2011/06/25 13:07:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/06/23 19:22:59 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeXP.lnk

[2011/06/23 17:20:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2011/06/21 12:34:57 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\HiJackThis.lnk

[2011/06/19 11:18:09 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Saxo\Bureau\Revo Uninstaller.lnk

[2011/06/12 20:10:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\graphedit.INI

 

========== Files Created - No Company Name ==========

 

[2011/07/12 18:10:57 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/07/12 18:01:39 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/07/11 22:06:27 | 000,000,212 | ---- | C] () -- C:\Boot.bak

[2011/07/11 22:06:26 | 000,263,488 | RHS- | C] () -- C:\cmldr

[2011/07/09 13:58:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI

[2011/07/02 14:12:35 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/07/02 14:12:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/07/02 12:53:06 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk

[2011/07/02 12:53:06 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\xp-AntiSpy.lnk

[2011/07/01 20:32:12 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\PhotoFiltre.lnk

[2011/07/01 19:53:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk

[2011/07/01 19:23:16 | 000,879,223 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\SecurityCheck.exe

[2011/06/29 18:26:54 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\SplinterCell.lnk

[2011/06/29 18:26:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\Crysis.lnk

[2011/06/29 13:34:34 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\AD-R.lnk

[2011/06/23 19:22:59 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Saxo\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeXP.lnk

[2011/06/21 12:34:57 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\HiJackThis.lnk

[2011/06/19 11:18:09 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Saxo\Bureau\Revo Uninstaller.lnk

[2011/06/12 20:10:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI

[2011/06/09 12:11:30 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011/06/09 12:11:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2011/06/09 12:11:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/06/09 12:11:28 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/06/09 12:11:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/06/07 14:30:09 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2011/05/22 14:01:10 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Saxo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/21 21:47:54 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2011/05/21 20:53:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/05/21 20:07:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2011/05/21 18:04:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/05/21 16:39:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2011/05/21 15:36:53 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/05/21 15:36:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2011/05/21 15:35:57 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/05/21 15:34:25 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2011/05/21 15:34:23 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll

[2011/05/21 15:34:23 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll

[2011/05/21 15:34:23 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2011/05/21 15:34:22 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe

[2011/05/21 15:34:22 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe

[2011/05/21 15:34:22 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe

[2011/05/21 15:34:22 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe

[2011/05/21 15:34:22 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys

[2011/05/21 15:34:22 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys

[2011/05/21 14:51:58 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011/05/21 14:50:56 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini

[2011/05/21 14:50:56 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2011/05/21 14:50:32 | 000,032,861 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011/05/21 14:50:31 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2011/05/21 14:50:24 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011/05/21 14:47:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/05/21 14:43:09 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/06/28 18:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 18:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007/06/28 18:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 18:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007/06/28 18:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 18:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin

[2007/06/28 18:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 18:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2007/06/28 18:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2007/06/28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2002/08/29 12:18:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2001/08/28 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/28 16:00:00 | 000,367,658 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2001/08/28 16:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2001/08/28 16:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/28 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/28 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/28 16:00:00 | 000,048,616 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2001/08/28 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/28 16:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/28 16:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2001/08/28 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/28 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2001/08/23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2011/05/21 14:45:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/05/21 16:58:11 | 000,000,212 | ---- | M] () -- C:\Boot.bak

[2011/07/11 22:06:27 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2001/08/28 16:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004/08/03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr

[2011/07/11 22:09:34 | 000,010,951 | ---- | M] () -- C:\ComboFix.txt

[2011/05/21 14:45:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/05/21 14:45:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/05/21 14:45:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/05/21 16:55:54 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011/05/23 13:01:59 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2011/07/12 18:04:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2011/07/12 18:10:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/07/10 12:54:23 | 000,000,359 | ---- | M] () -- C:\rkill.log

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2011/05/21 16:34:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2011/05/21 16:34:59 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2011/05/21 16:34:59 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2011/04/29 18:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

[2011/04/21 15:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

"AUOptions" = 4

"AutoInstallMinorUpdates" = 1

"NoAutoUpdate" = 0

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-29 10:59:08

 

< End of report >

 

Rapport EXTRAS dans la réponse suivante

 

Saxaphone

[saxaphone]

Rapport EXTRAS ci dessous:

 

OTL Extras logfile created on: 12/07/2011 18:10:24 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Saxo\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 72,97% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,26% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 79,93 Gb Free Space | 81,85% Space Free | Partition Type: NTFS

Drive D: | 195,31 Gb Total Space | 46,21 Gb Free Space | 23,66% Space Free | Partition Type: NTFS

Drive E: | 172,79 Gb Total Space | 107,82 Gb Free Space | 62,40% Space Free | Partition Type: NTFS

 

Computer Name: PC | User Name: Saxo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo -- (Crytek GmbH)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Bouclier Web -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Programme d'installation AVG -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Scanner e-mail personnel -- (AVG Technologies CZ, s.r.o.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 26

"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager

"{CA529363-D0F2-41EA-B44B-D7515A254645}" = Multimedia Card Reader

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag 1.4

"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Ad-Remover" = Ad-Remover par C_XX

"AVG" = AVG 2011

"CCleaner" = CCleaner

"CutePDF Writer Installation" = CutePDF Writer 2.8

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager

"InstallShield_{CA529363-D0F2-41EA-B44B-D7515A254645}" = Multimedia Card Reader

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.0

"lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)

"NVIDIA Drivers" = NVIDIA Drivers

"PROPLUS" = Microsoft Office Professional Plus 2007

"Revo Uninstaller" = Revo Uninstaller 1.92

"TmNationsForever_is1" = TmNationsForever

"VLC media player" = VLC media player 1.1.10

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Lecteur Windows Media 10

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = WinRAR archiver

"xp-AntiSpy" = xp-AntiSpy 3.97-9

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03/06/2011 04:29:52 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004c473.

 

Error - 04/06/2011 00:04:00 | Computer Name = PC | Source = EventSystem | ID = 4609

Description = Le système d'événements de COM+ a détecté un code de renvoi erroné

lors de son traitement interne. Le HRESULT est 80070005 à partir de la ligne 44

de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services

du Support Technique Microsoft pour signaler cette erreu

 

Error - 04/06/2011 00:04:00 | Computer Name = PC | Source = VSS | ID = 8193

Description = Erreur du service de cliché instantané des volumes : erreur lors de

l'appel de la routine CoCreateInstance. hr = 0x80040206.

 

Error - 05/06/2011 04:48:33 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004d8f6.

 

Error - 09/06/2011 12:29:56 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante skype.exe, version 5.3.0.111, module défaillant

kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

 

Error - 12/06/2011 13:49:20 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004c473.

 

Error - 12/06/2011 13:52:38 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004c473.

 

Error - 14/06/2011 06:04:23 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004c473.

 

Error - 15/06/2011 02:29:48 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004c473.

 

Error - 19/06/2011 07:42:08 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Application défaillante wlcomm.exe, version 14.0.8117.416, module

défaillant ole32.dll, version 5.1.2600.6010, adresse de défaillance 0x0004c473.

 

[ System Events ]

Error - 15/06/2011 00:47:12 | Computer Name = PC | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem

avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7001

Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a

pas pu démarrer en raison de l'erreur : %%31

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7001

Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP

qui n'a pas pu démarrer en raison de l'erreur : %%31

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7001

Description = Le service Assistance TCP/IP NetBIOS dépend du service Environnement

de prise en charge de réseau AFD qui n'a pas pu démarrer en raison de l'erreur :

%%31

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7001

Description = Le service TrueVector Internet Monitor dépend du service vsdatant

qui n'a pas pu démarrer en raison de l'erreur : %%31

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7001

Description = Le service Forceware Web Interface dépend du service Environnement

de prise en charge de réseau AFD qui n'a pas pu démarrer en raison de l'erreur :

%%31

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7001

Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas

pu démarrer en raison de l'erreur : %%31

 

Error - 15/06/2011 00:48:37 | Computer Name = PC | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : AFD Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT NVTCP Processor RasAcd

Rdbss

Tcpip

vsdatant

WS2IFSL

 

Error - 15/06/2011 00:55:09 | Computer Name = PC | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman

avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 15/06/2011 00:56:03 | Computer Name = PC | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem

avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

< End of report >

 

PS: Est-ce que j'ai besoin du pare-feu Windows si NVidia Nforce Network Access Manager est présent sur l'ordi ?

 

Je n'ai pas de DD externe et j'ai formaté ma clé USB depuis un autre ordi et vide de données, je ne l'ai donc pas connecté.

 

merci & A+

 

Saxaphone

[lance_yien]

Bonjour,

 

... PS: Est-ce que j'ai besoin du pare-feu Windows si NVidia Nforce Network Access Manager est présent sur l'ordi ?

Surtout pas, non. Il faut un seul AV, un seul PF et un seul antispyware.

En plus le PF de XP ne contrôle pas le flux sortant.

--

 

>>> OTL: Désactiver les programmes de protection (antivirus etc...) et lancer OTL.

Copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très important, merci de vérifier).

 

:OTL

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Protection ZoneAlarm Customized Web Search"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387

FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dd7dd66&v=7.005.030.004&i=23&tp=ab&iy=&ychte=fr&lng=fr&q="

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found

[2011/06/14 11:24:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2011/07/12 17:40:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

[2011/07/12 17:33:05 | 000,000,000 | --SD | C] -- C:\ComboFix

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. Copier son contenu et le coller dans une nouvelle réponse. Fermer le rapport et OTL.

 

 

Rapports demandés:

• OTL.txt

As-tu encore d'autres symptômes visibles à vérifier avant de conclure?

[saxaphone]

Bonsoir Lance_yien,

 

Pour l'instant je n'ai plus de symptôme de désactivation du pare-feu Windows.

Mais puisque je vais le désactivé ...

 

voici le rapport OTL:

 

All processes killed

========== OTL ==========

Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename

Prefs.js: "Protection ZoneAlarm Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine

Prefs.js: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387 removed from extensions.enabledItems

Prefs.js: avg@igeared:7.005.030.004 removed from extensions.enabledItems

Prefs.js: "http://search.avg.com/route/?d=4dd7dd66&v=7.005.030.004&i=23&tp=ab&iy=&ychte=fr&lng=fr&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.

C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\Components folder moved successfully.

C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\Chrome folder moved successfully.

C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

C:\Program Files\AVG\AVG10\avgssie.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Folder C:\ComboFix\ not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Cache de résolution DNS vidé.

C:\Documents and Settings\Saxo\Bureau\cmd.bat deleted successfully.

C:\Documents and Settings\Saxo\Bureau\cmd.txt deleted successfully.

File\Folder C:\WINDOWS\tasks\*.job not found.

File\Folder C:\*.sqm not found.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Saxo

->Temp folder emptied: 11754 bytes

->Temporary Internet Files folder emptied: 180626 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 40798705 bytes

->Flash cache emptied: 470 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 109160 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 39,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Saxo

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.26.1 log created on 07142011_190811

 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

PS:

-Je ne sais pas comment voir si le pare-feu NVidia Nforce Network Access Manager est actif, peux-tu me dire comment faire si tu le sais ?

 

-Depuis l'installation de la console de récupération Windows, mon écran de démarrage à changé, est-ce normal?

 

Merci & A+

 

Saxaphone