Il y a actuellement 36 visiteurs
Vendredi 06 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Residu d'infection

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Residu d'infection

Message le 25 Mai 2010 23:51

Bonsoir,
Je vient de faire du menage dans le PC portable de mes enfants qui ont un peu oublié mes consignes de sécurité.

c'est un PC portable ACER Travelmate 2300
avec XP pack 3 Nu 2600
Mémoire physique total 1024Mo dispo 481Mo
Mémoire virtuel total 2 Go dispo 1.96Go
Espace fichier d'échange 1.36Go

Il était infesté de "bebette" J'ai utilisé:
Spybot
malwarebytes
CCleaner
CureIt (de dr web)

Cela l'avais bien nettoyé et il refonctionnais correctement mais un message d'erreur réaparait au démarage :
"impossible de trouverC:\~~\locals~1\temp\ windows-update-kb237643-x86-enu.exe" (3 fois )

Je vous poste le rapport hijackthis en espèrant qu'il puisse vous aider pour solutionner mon PB.

Par ailleur je trouve que le PC est très lent! Avez vous des conseils pour alléger le chargement au démarage qui doit etre trop important pour la puissance de la machine (peut etre que les lenteurs vienne de là)

Code: Tout sélectionner
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37:30, on 26/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAMMES\PrintScreen\PrintScreen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {59994074-c06d-4a75-9768-49e5a8c21264} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {59994074-c06d-4a75-9768-49e5a8c21264} - (no file)
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Google Updater] C:\DOCUME~1\Drololo\LOCALS~1\Temp\nvdis.exe
O4 - HKLM\..\Run: [StartServiceBTWCESK] "C:\Documents and Settings\Drololo\Local Settings\Application Data\BTWCESK\StartService.exe"
O4 - HKLM\..\Run: [NVIDIA Monitoring] C:\DOCUME~1\Drololo\LOCALS~1\Temp\erase_me481838.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\PROGRAMMES\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Updater] C:\DOCUME~1\Drololo\LOCALS~1\Temp\nvdis.exe
O4 - HKCU\..\Run: [StartServiceBTWCESK] "C:\Documents and Settings\Drololo\Local Settings\Application Data\BTWCESK\StartService.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Drololo\nimqws.exe \u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\Drololo\LOCALS~1\Temp\Ycx.exe
O4 - HKLM\..\Policies\Explorer\Run: [MicrosoftCorp] C:\DOCUME~1\Drololo\LOCALS~1\Temp\nvdis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = C:\Program Files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 11029 bytes


Merci d'avoir pris le temp de me lire
Cordialement
Olibasse
Avatar de l'utilisateur
olibasse
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 25 Mai 2010 22:16
 


Re: Residu d'infection

Message le 26 Mai 2010 06:37

Salut et bienvenue sur PC-infopratique :wink:

tu pourra passer 100 fois Malwarebytes, cela ne changera pas le problème, le dropper est toujours présent, donc à chaque démarrage de ton pc il se reconnecte aux serveurs ......

fais cela stp...

Télécharge >>> AD-Remover <<< ( de C_XX ) sur ton bureau.

- Double-clique sur le raccourcie Image pour lancer le tool.

- Pour Vista /Seven faire un cliques droit sur l'icône et choisir "Exécuter en tant qu'administrateur"

- Cliques sur "Nettoyer".

- Ensuite laisse le scan s'effectuer tranquillement sans te servir du PC

- Poste le rapport.txt qui s'ouvre.

au cas ou,le rapport est sauvegarder ici
C:\AD-Report-scan+"date"

ensuite...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@ ce soir
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Residu d'infection

Message le 26 Mai 2010 18:56

Merci pour ces conseils
je me met au travail dès maintenant et je poste les résultats dans la soiré

Cdrl
Olibasse
Avatar de l'utilisateur
olibasse
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 25 Mai 2010 22:16
 

Re: Residu d'infection

Message le 26 Mai 2010 19:56

voici les rapports, pour info je n'ai pas redémarrer le PC entre les analyses

Ad-Report-CLEAN
Code: Tout sélectionner
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:57:40 le 26/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
Nom du PC: DROLOLO_PC
Utilisateur actuel: Drololo
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Application Data\GamesBar
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar
C:\Program Files\GamesBar

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\fcn
HKCU\Software\GamesBar
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKLM\Software\Classes\CLSID\{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}
HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
HKLM\Software\GamesBar
HKLM\Software\GamesBarSetup
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamesbar
.
.
============== SCAN ADDITIONNEL ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 2381 Octet(s)
.
Fin à: 20:01:56, 26/05/2010
.
============== E.O.F - CLEAN[1] ==============


OTL
Code: Tout sélectionner
OTL logfile created on: 26/05/2010 20:26:46 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Drololo\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 006,00 Mb Total Physical Memory | 669,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 480 760 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17,07 Gb Total Space | 4,60 Gb Free Space | 26,96% Space Free | Partition Type: FAT32
Drive D: | 17,24 Gb Total Space | 12,15 Gb Free Space | 70,48% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7,46 Gb Total Space | 7,04 Gb Free Space | 94,40% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DROLOLO_PC
Current User Name: Drololo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Drololo\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Drololo\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (vsmon) -- C:\WINDOWS\System32\ZONELABS\vsmon.exe (Zone Labs, LLC)
SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (SMBHC) -- C:\WINDOWS\system32\drivers\smbhc.sys (Microsoft Corporation)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SMBBATT) -- C:\WINDOWS\system32\drivers\smbbatt.sys (Microsoft Corporation)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (w29n51) Pilote de carte de connexion réseau Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Windows (R) 2000 DDK provider)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys ()
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (IPN2220) -- C:\WINDOWS\system32\drivers\i2220ntx.sys (Inprocomm, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.fr/ [binary data]
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 7A 82 CD E5 5B CA 01  [binary data]
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: D:\Internet Video Downloader\Plugin_FireFox [2009/09/26 17:49:48 | 000,000,000 | ---D | M]
 
 
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {59994074-c06d-4a75-9768-49e5a8c21264} - No CLSID value found.
O3 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Value Labs, USA)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [Google Updater] C:\DOCUME~1\Drololo\LOCALS~1\Temp\nvdis.exe File not found
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NVIDIA Monitoring] C:\DOCUME~1\Drololo\LOCALS~1\Temp\erase_me481838.exe File not found
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartServiceBTWCESK] C:\Documents and Settings\Drololo\Local Settings\Application Data\BTWCESK\StartService.exe (mIRC Co. Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [Gadwin PrintScreen] D:\PROGRAMMES\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [Google Updater] C:\DOCUME~1\Drololo\LOCALS~1\Temp\nvdis.exe File not found
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [M5T8QL3YW3] C:\DOCUME~1\Drololo\LOCALS~1\Temp\Ycx.exe File not found
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [MSConfig]  File not found
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [StartServiceBTWCESK] C:\Documents and Settings\Drololo\Local Settings\Application Data\BTWCESK\StartService.exe (mIRC Co. Ltd.)
O4 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Philips GoGear ARIA Device Manager.lnk = C:\Program Files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: MicrosoftCorp = C:\DOCUME~1\Drololo\LOCALS~1\Temp\nvdis.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Drololo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Drololo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/20 11:17:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/01/09 19:14:18 | 000,000,086 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007/05/09 11:51:00 | 000,002,623 | ---- | M] () - D:\autofill.conf -- [ FAT32 ]
O33 - MountPoints2\{51fc6bf1-ac68-11de-90d6-00c09f642126}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{7aadddf1-be8a-11de-90f0-00c09f642126}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{836c9e00-6967-11de-9090-00c09f642126}\Shell\AutoRun\command - "" = F:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{836c9e00-6967-11de-9090-00c09f642126}\Shell\open\command - "" = F:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{857beea0-a064-11dd-8f4e-00c09f642126}\Shell\AutoRun\command - "" = G:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{857beea0-a064-11dd-8f4e-00c09f642126}\Shell\open\command - "" = G:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{d4c9e360-b83d-11de-90e6-00c09f642126}\Shell\Auto\command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\{db2b15b1-9dcb-11dd-8f3e-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008/04/13 19:34:30 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ea145752-c78d-11de-90f8-00c09f642126}\Shell - "" = AutoRun
O33 - MountPoints2\{ea145752-c78d-11de-90f8-00c09f642126}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/20 11:05:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/05/26 20:18:38 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Drololo\Bureau\OTL.exe
[2010/05/26 19:57:38 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/05/26 19:55:54 | 001,344,041 | ---- | C] (C_XX) -- C:\Documents and Settings\Drololo\Bureau\AD-R.exe
[2010/05/26 00:23:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Drololo\Recent
[2010/05/26 00:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\Application Data\mIRC
[2010/05/24 23:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/23 12:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\DoctorWeb
[2010/05/23 12:14:51 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/23 12:14:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/23 12:14:50 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/23 12:14:49 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/23 12:14:47 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/23 12:14:47 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/23 12:14:47 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/23 12:14:27 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/23 12:14:27 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/23 12:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/23 12:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/23 12:11:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/23 11:29:14 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/11 22:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\Mes documents\Mes Historiques de Conversation
[2010/05/01 15:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\WINDOWS
[2010/05/01 15:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AnimeVamp
[2010/04/28 20:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\Application Data\Sony
[2010/04/28 20:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/28 20:23:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Drololo\Mes documents\Mes vidéos
[2010/04/28 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\Local Settings\Application Data\Sony
[2010/04/28 20:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Sony Shared
[2010/04/28 20:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/04/28 20:13:11 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010/04/28 20:12:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe80.dll
[2010/04/28 20:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drololo\Local Settings\Application Data\Sony Ericsson
[2010/04/28 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/04/28 20:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2010/04/28 19:47:40 | 000,117,672 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017unic.sys
[2010/04/28 19:47:40 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017cr.sys
[2010/04/28 19:47:38 | 000,025,768 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017nd5.sys
[2010/04/28 19:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/04/28 19:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/04/28 19:40:43 | 000,115,496 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017mgmt.sys
[2010/04/28 19:39:33 | 000,111,912 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017obex.sys
[2010/04/28 19:38:13 | 000,122,152 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017mdm.sys
[2010/04/28 19:38:13 | 000,015,016 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017mdfl.sys
[2010/04/28 19:38:13 | 000,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017cmnt.sys
[2010/04/28 19:38:13 | 000,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017cm.sys
[2010/04/28 19:37:09 | 000,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017whnt.sys
[2010/04/28 19:37:09 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017wh.sys
[2010/04/28 19:37:08 | 000,090,536 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0017bus.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/05/26 20:18:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drololo\Bureau\OTL.exe
[2010/05/26 19:58:38 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/26 19:56:00 | 001,344,041 | ---- | M] (C_XX) -- C:\Documents and Settings\Drololo\Bureau\AD-R.exe
[2010/05/26 19:48:32 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/26 19:45:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 19:45:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 19:45:40 | 1055,379,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/26 00:54:42 | 000,182,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/26 00:54:42 | 000,005,300 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/26 00:54:40 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Drololo\NTUSER.DAT
[2010/05/26 00:54:38 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Drololo\ntuser.ini
[2010/05/26 00:54:38 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/05/26 00:54:16 | 004,307,702 | -H-- | M] () -- C:\Documents and Settings\Drololo\Local Settings\Application Data\IconCache.db
[2010/05/26 00:37:20 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\Drololo\Bureau\HijackThis.lnk
[2010/05/26 00:36:22 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/25 23:49:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 20:54:02 | 000,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbhc.sys
[2010/05/23 12:22:48 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/23 09:09:52 | 000,003,871 | RHS- | M] () -- C:\WINDOWS\wintybrd.jpg
[2010/05/12 20:21:34 | 000,001,421 | ---- | M] () -- C:\WINDOWS\mdll.dll
[2010/05/12 00:28:14 | 000,000,419 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/09 15:15:00 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Drololo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 23:06:08 | 000,000,171 | ---- | M] () -- C:\Program Files\nvdiam.exe
[2010/05/07 18:22:22 | 000,016,384 | -H-- | M] () -- C:\Documents and Settings\Drololo\sup.exe
[2010/05/07 18:22:20 | 000,045,568 | -H-- | M] () -- C:\Documents and Settings\Drololo\secupdat.dat
[2010/05/06 22:59:58 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 22:39:24 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 22:34:28 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 22:34:00 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 22:33:56 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 22:33:48 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 22:33:30 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/03 23:00:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Drololo\Application Data\chrtmp
[2010/05/01 16:10:26 | 000,000,960 | ---- | M] () -- C:\WINDOWS\_ISENV31.INI
[2010/05/01 16:10:26 | 000,000,521 | ---- | M] () -- C:\WINDOWS\_iserr31.ini
[2010/05/01 16:10:14 | 000,000,127 | ---- | M] () -- C:\WINDOWS\_delis43.ini
[2010/04/28 20:12:46 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe80.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/05/24 23:02:11 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\Drololo\Bureau\HijackThis.lnk
[2010/05/23 08:38:30 | 1055,379,456 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/12 20:21:57 | 000,003,871 | RHS- | C] () -- C:\WINDOWS\wintybrd.jpg
[2010/05/12 20:21:32 | 000,001,421 | ---- | C] () -- C:\WINDOWS\mdll.dll
[2010/05/12 00:28:13 | 000,000,419 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/07 18:22:19 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Drololo\sup.exe
[2010/05/03 23:00:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Drololo\Application Data\chrtmp
[2010/05/01 16:10:25 | 000,000,960 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2010/05/01 16:10:25 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2010/05/01 16:10:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2010/04/28 22:35:37 | 000,045,568 | -H-- | C] () -- C:\Documents and Settings\Drololo\secupdat.dat
[2010/02/17 13:26:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2010/02/13 14:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JCMkr32.INI
[2009/04/18 00:33:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/12/27 11:11:22 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/12/27 11:11:18 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/19 20:56:50 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/19 20:56:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/10/19 20:56:46 | 000,471,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008/10/19 16:36:00 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2008/10/19 16:36:00 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2008/10/19 16:35:17 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/09/20 11:40:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/20 11:32:44 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2004/09/20 11:32:43 | 000,000,327 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2004/09/20 11:31:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/09/20 11:30:55 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004/09/20 11:30:55 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/09/20 11:27:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/09/20 11:21:14 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/20 11:14:03 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/11/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/11/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/11/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/11/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 00:00:00 | 000,002,134 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2008/10/19 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/05/27 15:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/13 01:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/25 22:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/04/28 20:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/04/28 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/23 12:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/10/19 21:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drololo\Application Data\FotoWire
[2008/12/31 16:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drololo\Application Data\Windows Live Writer
[2009/04/05 18:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drololo\Application Data\MSNInstaller
[2009/05/27 15:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drololo\Application Data\RobinsonCrusoe
[2010/04/28 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drololo\Application Data\Sony
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:cdrom.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/05 05:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:Changer.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:disk.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 05:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2004/08/05 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2004/08/05 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/05 05:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:Sfloppy.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2004/08/05 05:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:splitter.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:swmidi.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 05:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 04:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 04:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/05 05:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:usbprint.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys
[2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:usbscan.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2008/10/19 17:01:06 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
< End of report >


Extras
Code: Tout sélectionner
OTL Extras logfile created on: 26/05/2010 20:26:46 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Drololo\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 006,00 Mb Total Physical Memory | 669,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 480 760 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17,07 Gb Total Space | 4,60 Gb Free Space | 26,96% Space Free | Partition Type: FAT32
Drive D: | 17,24 Gb Total Space | 12,15 Gb Free Space | 70,48% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7,46 Gb Total Space | 7,04 Gb Free Space | 94,40% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DROLOLO_PC
Current User Name: Drololo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Documents\Jeux PC\Warcraft III\Warcraft III.exe" = D:\Documents\Jeux PC\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Documents and Settings\Drololo\Local Settings\Temp\nvdis.exe" = C:\Documents and Settings\Drololo\Local Settings\Temp\nvdis.exe:*:Enabled:WindowsSafety -- File not found
"C:\DOCUME~1\Drololo\LOCALS~1\Temp\erase_me481838.exe" = NVIDIA Monitoring:*:Enabled:(null)
"C:\Documents and Settings\Drololo\Application Data\nvda.exe" = C:\Documents and Settings\Drololo\Application Data\nvda.exe:*:Enabled:Windows System Guard -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\DOCUME~1\Drololo\LOCALS~1\Temp\erase_me702827.exe" = C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating -- File not found
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = TIxx21/x515
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5F1ECBFB-048E-406E-A7AB-A81F9E359961}" = Sony Ericsson Media Manager 1.2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MediaBar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_00641025" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Excel" = Microsoft Excel 97
"EZface ActiveX" = EZface ActiveX 208
"Final Fantasy VII Origin Version 3.0" = Final Fantasy VII Origin Version 3.0
"Gadwin PrintScreen" = Gadwin PrintScreen
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
"InterActual Player" = InterActual Player
"LManager" = Launch Manager
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_France Toolbar" = Messenger_Plus_Live_France Toolbar
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Programme de gestion Camera de Logitech®
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25/05/2010 17:44:31 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 25/05/2010 17:49:34 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 25/05/2010 18:14:32 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 25/05/2010 18:25:21 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 25/05/2010 18:36:20 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 25/05/2010 18:49:43 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 26/05/2010 13:46:49 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
Error - 26/05/2010 13:46:52 | Computer Name = DROLOLO_PC | Source = Application Error | ID = 1000
Description = Application défaillante startservice.exe, version 6.35.0.0, module
 défaillant user32.dll, version 5.1.2600.5512, adresse de défaillance 0x00008d8a.
 
Error - 26/05/2010 13:46:57 | Computer Name = DROLOLO_PC | Source = Application Error | ID = 1000
Description = Application défaillante startservice.exe, version 6.35.0.0, module
 défaillant user32.dll, version 5.1.2600.5512, adresse de défaillance 0x00008d8a.
 
Error - 26/05/2010 14:33:06 | Computer Name = DROLOLO_PC | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7031
Description = Le service Lavasoft Ad-Aware Service s'est terminé de manière inattendue.
 Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
5000 millisecondes : Redémarrer le service.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7031
Description = Le service Spouleur d'impression s'est terminé de manière inattendue.
 Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
60000 millisecondes : Redémarrer le service.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7031
Description = Le service Apple Mobile Device s'est terminé de manière inattendue.
 Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
60000 millisecondes : Redémarrer le service.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7034
Description = Le service Notebook Manager Service s'est terminé de façon inattendue
 pour la 1ème fois.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7034
Description = Le service Service de l’iPod s'est terminé de façon inattendue pour
 la 1ème fois.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7034
Description = Le service France Telecom Routing Table Service s'est terminé de façon
 inattendue pour la 1ème fois.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7034
Description = Le service Sony Ericsson OMSI download service s'est terminé de façon
 inattendue pour la 1ème fois.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7034
Description = Le service SeaPort s'est terminé de façon inattendue pour la 1ème
fois.
 
Error - 26/05/2010 13:58:36 | Computer Name = DROLOLO_PC | Source = Service Control Manager | ID = 7034
Description = Le service Service de la passerelle de la couche Application s'est
 terminé de façon inattendue pour la 1ème fois.
 
Error - 26/05/2010 13:59:48 | Computer Name = DROLOLO_PC | Source = MRxSmb | ID = 8003
Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur
 OLIVIER-PC  qui pense qu'il est le maître explorateur sur le domaine pour le transport
 NetBT_Tcpip_{7F4A0F6D-A192-4AA.  Le maître explorateur s'arrête ou une élection est
 provoquée.
 
 
< End of report >


Bon courage
A+
Avatar de l'utilisateur
olibasse
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 25 Mai 2010 22:16
 

Re: Residu d'infection

Message le 26 Mai 2010 20:55

hello,

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"
:OTL
O4 - HKLM\..\Run: [StartServiceBTWCESK] C:\Documents and Settings\Drololo\Local Settings\Application Data\BTWCESK\StartService.exe (mIRC Co. Ltd.)
O20 - HKU\S-1-5-21-4049793721-4199923734-2029102714-1005 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe File not found
O33 - MountPoints2\{836c9e00-6967-11de-9090-00c09f642126}\Shell\AutoRun\command - "" = F:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{836c9e00-6967-11de-9090-00c09f642126}\Shell\open\command - "" = F:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{857beea0-a064-11dd-8f4e-00c09f642126}\Shell\AutoRun\command - "" = G:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{857beea0-a064-11dd-8f4e-00c09f642126}\Shell\open\command - "" = G:\TRASH\DFG-2352-66235-2352322-634621321-6662355\365345.exe -- File not found
O33 - MountPoints2\{d4c9e360-b83d-11de-90e6-00c09f642126}\Shell\Auto\command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\{ea145752-c78d-11de-90f8-00c09f642126}\Shell - "" = AutoRun

:Files
C:\Documents and Settings\Drololo\Local Settings\Application Data\BTWCESK
C:\Documents and Settings\Drololo\sup.exe
C:\Documents and Settings\Drololo\secupdat.dat
C:\Program Files\nvdiam.exe
C:\WINDOWS\wintybrd.jpg
C:\WINDOWS\mdll.dll
C:\WINDOWS\_ISENV31.INI
C:\WINDOWS\_iserr31.ini
C:\WINDOWS\_delis43.ini
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}


:Commands
[EMPTYTEMP]
[EMPTYFLASH]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport "OTL.Txt" s'ouvre
* Copie et colle le dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

ensuite...

Télécharge MyLook (Par Jeanmimigab ) sur ton bureau .
  • Fais un double-clic sur l'icône de MyLook pour le lancer.
  • Fais le choix N°1.Explorer un dossier et valide en tapant la touche "entrée".
  • Fais un "copier/coller" du chemin suivant dans la fenêtre de MyLook ...
    C:\Documents and Settings\Drololo\Application Data\chrtmp
  • valide en tapant la touche "entrée".
  • Poste le contenu du rapport qui s'ouvre (MyLook.txt).

ensuite...

refais un scan complet avec Malwarebyte, supprime ce qu'il trouvera et poste le rapport

et enfin refais un scan OTL comme tu l'as fais la première fois et poste moi le rapport stp... :wink:

@++ :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 



Sujets similaires

Message [Résolu] infection probable
Bonjour à tousalors voila, je pense être infecter par virus et ou malware, ou quelqu'un, depuis un bon moment j'ai des bannières qui viennent ce glisser et entrer sur mon écran à droite, elles apparaissent par 3 l'une sur l'autre, je peut les fermer, mais elles reviennent,principalement ca concerne ...
Réponses: 22

Message Suspicion d'infection
Bonjour,Il y a peu mon PC m'a paru ralenti et répondant bizarrement.Voici les rapports FRST.Merci d'avance.JF
Réponses: 3

Message [Réglé] infection probable
Bonjour à tousalors voila, je pense être infecter par virus et ou malware, ou quelqu'un, depuis un bon moment j'ai des bannières qui viennent ce glisser et entrer sur mon écran en bas à droite, dans la journée elles apparaissent par 3 l'une sur l'autre, je peut les fermer, mais sitôt que je quitte ...
Réponses: 12

Message [Réglé] vérification possible infection ou autres
bonjour a tous, j'ai mon PC qui ralenti fort en ce moment, un disque qui est a 100% d'activité alors qu'il est a 50% sur le processus et une impossibilité de désinstaller CCLEANER et MALWARmerci de votre aide
Réponses: 28

Message [Réglé] infection ou pas pc
ci joint le rapport zhp
Réponses: 14

Message Infection
Bonjour, Je suis nouveau sur votre Forum, à vrai dire c'est la 1er fois que je m'inscris puisque je trouve facilement mes réponses sur d'autres topics en général. Mais là, c'est un peu trop compliqué pour moi. Je suis débrouillard en informatique mais pas expert ! Voilà mes problèmes, dans mes appli ...
Réponses: 7

Message Infection Netutils2016
Bonjour à tous !Voilà, mon souci est l'infection du PC via netutils2016(il me semble).Je joint les rapports générés via FRST64.Je sèche donc si vous avez des solutions...Merci d'avance.
Réponses: 1


Qui est en ligne

Utilisateurs parcourant ce forum: Google [Bot] et 1 invité


.: Nous contacter :: Flux RSS :: Données personnelles :.
cron