OK Web pages display twice + intrusive ads


Post by richou » 03 Oct 2008, 13:47

Hello Nickw,
So I redid your steps, and at one point it showed me an error message: Windows, no disk, and below it: exception processing message c0000013 parameters afbf7c 4 75afbf7c 75afbf7c. It asked me whether I wanted to cancel, retry or continue. I chose continue...
Apparently everything is working normally.
So here is the Avenger report:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\lajwvc.dll" deleted successfully.
File "C:\WINDOWS\System32\xpldtdfr.dll" deleted successfully.
File "C:\WINDOWS\System32\nwrkcymh.ini" deleted successfully.
File "C:\WINDOWS\System32\hmyckrwn.dll" deleted successfully.
File "C:\WINDOWS\System32\jcoyjogk.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\opnlMfdD.dll" not found!
Deletion of file "C:\WINDOWS\system32\opnlMfdD.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c29e4999-c38d-46bf-b1c9-a0cb683fdf9a}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D292B70D-E64A-4EF4-9D26-A42B6BA190A2}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by richou » 03 Oct 2008, 13:49

Here is the OTViewIt report:

OTViewIt logfile created on: 03/10/2008 14:38:36 - Run 3
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\Documents and Settings\Richard.1043768403116.000\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 567,72 Mb Available Physical Memory | 55,48% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 6,84 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 196,88 Gb Total Space | 164,08 Gb Free Space | 83,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 488,00 Mb Total Space | 0,67 Mb Free Space | 0,14% Space Free | Partition Type: FAT

Computer Name: 1043768403116
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
[2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe
[2005/02/16 17:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
[2008/01/15 04:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005/07/06 01:58:36 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
[2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2008/06/21 12:49:26 | 00,290,816 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[2007/03/26 15:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe
[2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
[2006/12/04 12:53:32 | 00,139,305 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
[2008/09/13 18:41:50 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
[2004/04/08 05:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
[2007/07/09 12:39:05 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
[2005/05/11 13:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[2005/05/11 13:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
[2005/05/11 13:52:04 | 00,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
[2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
[2008/06/07 15:23:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/02/10 19:00:58 | 00,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
[2005/04/01 19:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
[2006/11/09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
[2007/01/19 16:12:56 | 00,081,920 | ---- | M] () -- C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
[2005/05/11 13:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[2008/08/07 16:10:15 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
[2008/06/21 12:49:34 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/14 04:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/13 18:41:50 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2004/04/08 05:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/07/09 12:39:05 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2007/01/19 16:12:56 | 00,081,920 | ---- | M] () -- C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe -- (bdss [Auto | Running])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
[2008/04/14 04:33:57 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/05/11 13:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/05/11 13:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
[2005/05/11 13:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
[2008/03/04 15:59:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/08/07 16:10:15 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
File not found -- -- (MysqlInventime [On_Demand | Stopped])
[2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped])
[2008/06/07 15:23:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/02/10 19:00:58 | 00,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool [Auto | Running])
[2005/04/01 19:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/06/21 12:49:34 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services ==========

[2005/05/27 12:51:26 | 00,799,744 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Stopped])
[2001/08/17 21:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5 [Boot | Stopped])
[2001/08/17 22:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Stopped])
[2008/04/13 20:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ [Boot | Stopped])
[2001/08/17 21:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x [Boot | Stopped])
[2001/08/17 22:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2 [Boot | Stopped])
[2001/08/17 22:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx [Boot | Stopped])
[2007/01/25 16:37:16 | 04,027,456 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
[2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Stopped])
[2008/04/13 20:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541 [Boot | Stopped])
[2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Stopped])
[2005/03/09 15:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/17 21:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint [Boot | Stopped])
[2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Stopped])
[2001/08/17 21:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p [Boot | Stopped])
[2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Stopped])
[2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/09 12:36:32 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2006/09/05 18:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2006/12/04 16:51:44 | 00,008,704 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll [On_Demand | Running])
[2006/01/09 18:50:34 | 00,014,145 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv [On_Demand | Running])
[2007/04/20 13:29:44 | 00,025,984 | ---- | M] (Softwin SRL) -- C:\Program Files\Softwin\BitDefender10\bdpredir.sys -- (bdpredir [System | Running])
[2006/06/28 17:13:54 | 00,010,768 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRSDRV [Auto | Running])
[2005/05/31 14:16:06 | 00,401,152 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
[2005/05/31 14:11:18 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2008/04/13 20:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 20:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 19:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 20:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2005/05/31 14:13:34 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Stopped])
File not found -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Stopped])
[2005/05/31 14:07:56 | 00,148,040 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2005/05/31 14:11:08 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2005/05/31 14:10:32 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/08/25 18:28:00 | 01,240,576 | ---- | M] (Philips Consumer Electronics) -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40 [On_Demand | Stopped])
File not found -- D:\DOCUME~1\RICHAR~1.000\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2008/04/13 20:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2001/08/17 21:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt [Boot | Stopped])
[2001/08/23 17:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Stopped])
[2001/08/17 21:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray [Boot | Stopped])
[2001/08/17 21:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Stopped])
[2001/08/17 21:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt [Boot | Stopped])
[2001/08/17 22:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o [Boot | Stopped])
[2001/08/17 22:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn [Boot | Stopped])
[2008/04/13 20:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2008/04/13 20:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp [Boot | Stopped])
[2001/08/17 21:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u [Boot | Stopped])
[2008/04/14 04:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2001/08/17 21:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Stopped])
[2008/04/13 20:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/13 20:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 20:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2001/08/23 17:15:46 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/08/17 22:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2 [Boot | Stopped])
[2001/08/17 22:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib [Boot | Stopped])
[2008/04/14 03:55:30 | 00,040,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2006/08/19 05:33:24 | 00,013,568 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/20 02:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 21:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Stopped])
[2001/08/17 21:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt [Boot | Stopped])
[2001/08/17 21:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Stopped])
[2001/08/17 21:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240 [Boot | Stopped])
[2001/08/17 21:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Stopped])
[2008/04/13 20:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2004/08/05 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/12/02 16:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Stopped])
[2008/04/13 20:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 22:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Stopped])
[2006/08/19 09:23:43 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 20:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2001/08/17 22:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Stopped])
[2001/08/17 22:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Stopped])
[2001/08/17 22:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Stopped])
[2001/08/17 22:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Stopped])
[2001/08/23 17:00:46 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde [Boot | Stopped])
[2006/08/16 12:11:12 | 00,022,656 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2001/08/17 21:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Stopped])
[2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 20:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 20:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2006/08/19 21:06:41 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi [On_Demand | Running])
[2008/04/13 20:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Stopped])
[2008/04/13 20:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/04/14 11:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2004/04/14 11:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2004/04/14 11:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2004/04/14 11:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2008/04/13 20:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://recherche.neuf.fr/
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Local Page"=http://www.iesearch.com/
"SearchAssistant"=http://recherche.neuf.fr/ie/default.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://recherche.neuf.fr/
"Start Page"=http://www.neufportail.fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (227994 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
7997 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{259F616C-A300-44F5-B04A-ED001A26C85C} (HKLM) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{259F616C-A300-44F5-B04A-ED001A26C85C}" (HKLM) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" (SOFTWIN S.R.L.)
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg (SOFTWIN S.R.L.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" (ScanSoft, Inc.)
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" (ScanSoft, Inc.)
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe (Philips)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RegistryMechanic"= File not found
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe (Philips)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c (IncrediMail, Ltd.)
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" (Ahead Software AG)

========== (O4) Startup Folders ==========

[2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 13:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)
Envoyer à &Bluetooth: C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm [2003/05/29 13:53:12 | 00,001,320 | ---- | M] ()
Open with Scansoft PDF Converter 3.0: C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\ieshellext.dll [2005/04/12 11:16:02 | 00,045,056 | ---- | M] (ScanSoft, Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Console Java (Sun) -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Recherche -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/ ... ontrol.cab -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdat ... /opuc3.cab -- Office Update Installation Engine
{42E1F024-ECC3-456F-B98A-4CE5ACDBF25C}: https://ssl-tb.sitadelle.com/selfcare.c ... Config.ocx -- ActiveFormX Contrôle
{56393399-041A-4650-94C7-13DFCB1F4665}: http://www3.ca.com/securityadvisor/pest ... stscan.cab -- PSFormX Control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://www.bitdefender.fr/scan8/oscan8.cab -- BDSCANONLINE Control
{6531D99C-0D0E-4293-B3CB-A3E1D0D41847}: http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab -- AhnASP Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftup ... 2678003750 -- MUWebControl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab -- HouseCall Control
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}: http://www.ca.com/us/securityadvisor/vi ... ebscan.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/fl ... rashim.cab -- Reg Error: Key does not exist or could not be opened.
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CE3409C4-9E26-4F8E-83E4-778498F9E7B4}: http://www.photoways.com/clients/uploader_v2.2.0.6.cab -- Reg Error: Key does not exist or could not be opened.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shoc ... sh5r42.cab -- Shockwave Flash Object
{E36C5562-C4E0-4220-BCB2-1C671E3A5916}: file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1B8F7FD5-BD15-49CA-BEEA-28F5847EA193} (Servers: | Description: Carte réseau 1394)
{40DDCCA4-3C9D-41A3-B128-FF4397B58660} (Servers: | Description: )
{6D581BD2-3023-48F3-8820-761EE209CD4A} (Servers: | Description: )
{6E406F32-D6C0-42A6-973F-FA620FD63FCE} (Servers: | Description: )
{83BA01AE-388E-4EF8-A68B-A8EBC7AFFDAE} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{A402D69B-9A75-44B9-94DF-8A77B943F249} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=sockspy.dll
>[2006/01/26 20:19:52 | 00,073,728 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2008/10/03 14:16:07 | 00,000,134 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\reparlsa.reg
[2008/10/02 14:10:40 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Norton Antivirus 2005 (Full Version) with crack
[2008/10/02 10:24:34 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/02 10:23:44 | 00,006,177 | ---- | C] () -- C:\backup.reg
[2008/10/02 10:23:35 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2008/10/02 10:23:35 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2008/10/02 10:23:35 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2008/10/02 10:01:57 | 00,731,136 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\avenger.exe
[2008/10/01 09:33:44 | 00,000,543 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/10/01 09:32:00 | 00,571,687 | ---- | C] (IL-MAFIOSO ) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Navilog1.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe
[2008/09/30 19:10:05 | 00,115,462 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Page_1 copie.jpg
[2008/09/29 11:32:24 | 00,091,440 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/09/28 20:39:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/09/28 20:39:19 | 00,000,635 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Registry Mechanic.lnk
[2008/09/28 20:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/09/28 18:17:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/09/28 17:49:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Madagascar 2008
[2008/09/25 14:18:14 | 00,295,432 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Untitled1.comicdoc
[2008/09/25 13:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2008/09/25 12:38:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Comic Life
[2008/09/25 12:37:15 | 00,000,004 | RHS- | C] () -- D:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/09/25 12:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\plasq
[2008/09/25 12:28:49 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2008/09/22 20:02:20 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\DancefloorFGSummer2008[1]
[2008/09/19 10:54:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\BitTorrent Downloads
[2008/09/19 09:07:34 | 00,000,598 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes dossiers de partage.lnk
[2008/09/19 09:07:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes fichiers reçus
[2008/09/03 22:19:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/03 22:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/03 21:59:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

========== Files - Modified Within 30 Days ==========

[246 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/03 14:36:07 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/03 14:34:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/03 14:33:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 14:33:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/03 14:33:52 | 10,731,39712 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/03 14:32:45 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2008/10/03 14:32:45 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/03 14:32:15 | 00,006,177 | ---- | M] () -- C:\backup.reg
[2008/10/03 14:32:14 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2008/10/03 14:32:14 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2008/10/03 14:32:14 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2008/10/03 14:30:00 | 00,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Configurer mon PC.job
[2008/10/03 14:27:54 | 00,012,800 | -HS- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Thumbs.db
@Alternate Data Stream - 0 bytes -> D:\Documents and Settings\Richard.1043768403116.000\Bureau\Thumbs.db:encryptable
[2008/10/03 14:23:18 | 00,000,134 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\reparlsa.reg
[2008/10/03 14:04:02 | 00,000,598 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes dossiers de partage.lnk
[2008/10/03 14:03:40 | 00,001,140 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/01 09:33:44 | 00,000,543 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/10/01 09:32:02 | 00,571,687 | ---- | M] (IL-MAFIOSO ) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Navilog1.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe
[2008/09/30 19:10:08 | 00,115,462 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Page_1 copie.jpg
[2008/09/30 17:06:22 | 00,019,968 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\2008.xls
[2008/09/29 11:32:30 | 00,091,440 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/09/29 11:20:02 | 00,323,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/28 20:39:19 | 00,000,635 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Registry Mechanic.lnk
[2008/09/25 14:18:14 | 00,295,432 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Untitled1.comicdoc
[2008/09/25 13:09:51 | 00,091,440 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/25 12:51:21 | 00,090,624 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/25 12:37:15 | 00,000,004 | RHS- | M] () -- D:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/09/23 11:43:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/22 21:29:42 | 02,641,324 | -H-- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Local Settings\Application Data\IconCache.db
[2008/09/18 09:51:07 | 00,011,264 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Annuaire maison.wdb
[2008/09/16 16:56:02 | 00,022,528 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Annuaire maison A5.xls
[2008/09/16 12:10:58 | 00,033,792 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\ASCT.xls
[2008/09/16 11:52:00 | 00,019,456 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Annuaire divers.xls
[2008/09/16 11:49:47 | 00,022,016 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\ADC.xls
[2008/09/12 19:50:29 | 00,060,928 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Collecte page 1.xls
[2008/09/12 19:29:15 | 00,017,408 | ---- | M] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Collecte page 2.xls
[2008/09/10 13:22:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/04 15:41:27 | 00,000,425 | ---- | M] () -- C:\WINDOWS\horinfgl.ini
[2008/09/03 22:23:56 | 00,478,396 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/09/03 22:23:56 | 00,409,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/03 22:23:56 | 00,079,362 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/09/03 22:23:56 | 00,065,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/03 22:23:55 | 01,043,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/03 22:18:20 | 00,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd6925.sys
[2008/09/03 22:02:37 | 00,252,240 | ---- | M] () -- C:\NTLDR
[2008/09/03 21:43:19 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/03 21:43:19 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
<End>
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by richou » 03 Oct 2008, 13:51

and finally the extras:

OTViewIt Extras logfile created on: 03/10/2008 14:38:36 - Run 3
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\Documents and Settings\Richard.1043768403116.000\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 567,72 Mb Available Physical Memory | 55,48% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 6,84 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 196,88 Gb Total Space | 164,08 Gb Free Space | 83,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 488,00 Mb Total Space | 0,67 Mb Free Space | 0,14% Space Free | Partition Type: FAT

Computer Name: 1043768403116
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
"SerialNumber"=A109A-K13-3ZXD-BAP5-TE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:14:04 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
[2005/05/31 12:14:04 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
[2004/12/25 17:54:04 | 00,163,328 | ---- | M] (Inventime) -- C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
[2007/09/08 01:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/12/04 12:53:32 | 00,139,305 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2006/12/04 12:53:32 | 00,204,843 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2006/10/31 15:02:28 | 00,086,058 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
[2005/08/15 18:38:13 | 00,081,920 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/12/04 12:53:32 | 00,278,568 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
[2006/09/14 16:15:24 | 05,001,216 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
[2008/04/14 04:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
[2008/01/15 04:22:48 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
File not found -- C:\Program Files\Wyzo\wyzo.exe:*:Disabled:Wyzo
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
File not found -- %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
File not found -- %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Espace de noms Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}"=ScanSoft OmniPage 15.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=Panneau de contrôle ATI
"{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}"=Adobe Fonts All
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}"=Philips SPC 900NC PC Camera
"{22524CA1-515C-4153-9807-52AE65F73B5F}"=BitDefender Antivirus Plus v10
"{265FCC3B-4814-4B2B-89D6-217DFB8AD886}"=Adobe Device Central CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=WIDCOMM Bluetooth Software
"{3F50AF3B-8997-4916-0095-99D63DDB785A}"=Harry Potter TM
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}"=Grand Theft Auto Vice City
"{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}"=Adobe WinSoft Linguistics Plugin
"{602A205F-8D02-48EE-8782-262B2103B984}"=ScanSoft PDF Converter 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7302810D-7ACF-4339-B27B-57016CAADDCD}"=Adobe Asset Services CS3
"{73B79E83-490B-460D-B0D6-2C7B73980325}"=Adobe Stock Photos CS3
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}"=Macromedia Shockwave Player
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}"=Philips VLounge
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{9011040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}"=Module de compatibilité pour Microsoft Office System 2007
"{91D829E6-F1D1-433F-861F-0552DFED0EAD}"=Adobe PDF Library Files
"{93656878-FF8B-4935-99BB-F3F260037C57}"=Lara Croft Tomb Raider: The Angel Of Darkness
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9A394342-4A68-4EBA-85A6-55B559F4E700}"=Microsoft .NET Framework 1.1 French Language Pack
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}"=SolidConverterPDF
"{A16E2D86-7D92-48F4-9649-6029C96D4D8F}"=L'Internet ADSL de Cegetel
"{A3088CD2-612B-11D3-AF43-00C04F443448}"=Microsoft Works 2000
"{A4464AC3-D85E-4649-8748-706191063DF6}"=Adobe Anchor Service CS3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A78A65E4-1D88-477A-83B4-3EC540F6A55A}"=Adobe Type Support
"{AC76BA86-7AD7-1036-7B44-A81200000003}"=Adobe Reader 8.1.2 - Français
"{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}"=ScanSoft PDF Create 3.0
"{AED353B9-E6D7-406F-B007-2C55C5265EB3}"=Adobe Camera Raw 4.0
"{B056DB05-BF39-49A0-AAB8-C8FA49D9660C}"=Micro Application - PrintPratic 3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}"=Logitech Gaming Software
"{BA0601E1-B65C-11D5-80A9-0000B494D9A6}"=PC Booster
"{BB148BFF-D96D-48B6-9B4A-243DCC6DD444}"=Comic Life
"{BF18C55F-791F-4C17-AB75-E397EE01C14B}"=Adobe Version Cue CS3 Client
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}"=Adobe Setup
"{CE52110A-7773-444F-9E5D-4A45E4792DB6}"=Adobe Bridge Start Meeting
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}"=Canon MP450
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}"=GTA San Andreas
"{D446BA40-1F5F-44EB-A794-0AC14F809C79}"=Adobe Default Language CS3
"{D8FC8E35-D397-4C16-87AE-141A625221E4}"=Adobe CMaps
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}"=Dragon NaturallySpeaking 9
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Codeur Windows Media Série 9
"{E5C28906-EC86-404E-BB4F-6AB2590451FF}"=Adobe Linguistics CS3
"{F0CF6455-EDD8-41C6-A96A-223874E660CC}"=Adobe XMP Panels CS3
"{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}"=Adobe Photoshop CS3
"{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}"=Adobe Help Viewer 1.1
"{F36CFE58-47C0-4D75-995B-E0172563FA83}"=Adobe ExtendScript Toolkit 2
"{F5346614-B7C4-4E94-826A-E2363155233D}"=EasyCleaner
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}"=Windows Live Messenger
"{FABA59CC-347B-478B-B2A7-37BF0885CACB}"=Adobe Bridge CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe_8d0dc9390f2c596455e1446b5918a40"=Adobe Photoshop CS3
"a-squared Free_is1"=a-squared Free 3.0
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"BitTorrent"=BitTorrent 5.0.9
"CCleaner"=CCleaner (remove only)
"Desperados - Une aventure au Far West 1.01"=Desperados - Une aventure au Far West 1.01
"DVD Shrink_is1"=DVD Shrink 3.2
"EAX Unified"=EAX Unified
"eMule"=eMule
"FIFA 2000"=FIFA 2000
"Foxit Reader"=Foxit Reader
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IncrediMail"=IncrediMail Xe
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}"=Lara Croft Tomb Raider: The Angel Of Darkness
"Kaspersky On-line Scanner"=Kaspersky On-line Scanner
"LimeWire"=LimeWire PRO 4.9.23
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MP Navigator 2.0"=Canon MP Navigator 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Navilog1_is1"=Navilog1 3.6.6
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"Network Play System"=EA Network Play System
"Neuf_Kit"=Neuf - Kit de connexion
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotoFiltre"=PhotoFiltre
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Téléchargement PHOTOWAYS"=Téléchargement PHOTOWAYS 3.0.7
"TomTom HOME"=TomTom HOME
"VLC media player"=VideoLAN VLC media player 0.8.6h
"Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WinRAR archiver"=Archiveur WinRAR
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2008 13:53:03 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.6568.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/09/2008 13:54:09 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.6568.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/09/2008 08:26:36 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée bdlite.exe, version 10.1.0.2, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/09/2008 07:51:51 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 28/09/2008 13:12:36 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00f8176c.

Error - 29/09/2008 05:57:30 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Error - 29/09/2008 05:57:39 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16705, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/09/2008 08:08:09 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 30/09/2008 13:05:22 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/09/2008 13:05:23 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 02/10/2008 04:25:16 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 02/10/2008 04:25:33 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 03/10/2008 08:03:11 | Computer Name = 1043768403116 | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.20 sur
la carte réseau d'adresse réseau 0013D3948AAF.

Error - 03/10/2008 08:34:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 03/10/2008 08:34:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Serial Driver n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 03/10/2008 08:34:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Port Client Driver n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 03/10/2008 08:34:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 03/10/2008 08:35:59 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7022
Description = Le service StarWind iSCSI Service est en attente de démarrage.

Error - 03/10/2008 08:36:01 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7022
Description = Le service Acquisition d'image Windows (WIA) est en attente de démarrage.

Error - 03/10/2008 08:36:02 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


<End>
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by nickW » 04 Oct 2008, 18:42

Good evening,

If the PC no longer shows symptoms of infection, here is some additional advice (securing & optimization) to apply:


An important piece of advice:
Uninstall all obsolete versions of Sun's Java, whose vulnerabilities are used by "malicious actors" (see Add/Remove Programs) - Java(TM) 6 Update 5.


An important piece of advice:
Disable a service:

Open the services management console:
Start ---> Run
Type services.msc then click OK

Scroll down to Planificateur LiveUpdate automatique
Right-click it and choose Properties
Check that the "Path to executable" box does contain C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
In Startup type, choose Disabled
Click Apply, then OK


An important piece of advice:
Avoid using illicit P2P!
eMule is the antithesis of security (© Jim Rakoto).
So is BitTorrent.


A piece of advice:
- It is best to delete OTViewIt (downloaded file OTViewIt.exe and result files OTViewIt.txt and Extras.txt located on the Desktop).
- It is best to remove Navilog1 via Add/Remove Programs
- It is best to delete the file reparlsa.reg
- It is best to delete The Avenger (downloaded file avenger.zip, executable avenger.exe, working file(s) aven*.txt and report file SystemDrive\avenger.txt).
Note: The Avenger also backed up the changes it made in the archive file %SystemDrive%\avenger\backup.zip. After checking that all the software on the PC works correctly, this archive can be deleted.

- Empty the quarantines of the antivirus and the anti-spyware.



And there you have it.

Cheers,

PS:
If you consider this topic closed, could you put [OK] in front of the title of the first message? See HERE.
Thanks.
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
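
An added example (not code from the thread or from OTViewIt): a Python triage of the "[ System Events ]" errors posted above, listing which services repeatedly fail to start and why, which is the kind of evidence behind the "disable a service" step. The function names are hypothetical; the sample entries are copied from the log in this thread, and "%%2"/"%%3" are read as the Win32 error codes 2 and 3.

```python
import re
from collections import Counter
# Four entries copied from the "[ System Events ]" section of the log in this thread.
SAMPLE_LOG = """\
Error - 02/10/2008 04:25:16 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 03/10/2008 08:34:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 03/10/2008 08:34:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 03/10/2008 08:35:59 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7022
Description = Le service StarWind iSCSI Service est en attente de démarrage.
"""
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND"}  # "%%N" = Win32 error N
HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| .*? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
START_FAIL = re.compile(r"Le service (?P<name>.+?) n'a pas pu démarrer en raison de l'erreur : %%(?P<code>\d+)")

def parse_entries(text):
    """Return one dict per event, re-joining Description lines wrapped by the report."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        head = HEADER.match(line)
        if head:
            current = {**head.groupdict(), "description": ""}
            entries.append(current)
        elif line and current is not None:
            current["description"] = (current["description"] + " " + line).strip()
        else:
            current = None  # blank line or section title ends the entry
    return entries

def failed_services(entries):
    """Count SCM event 7000 (service failed to start) per (service, Win32 error)."""
    failures = Counter()
    for e in entries:
        hit = START_FAIL.search(e["description"])
        if e["source"] == "Service Control Manager" and e["id"] == "7000" and hit:
            failures[(hit["name"], WIN32.get(int(hit["code"]), "Win32 error " + hit["code"]))] += 1
    return failures

if __name__ == "__main__":
    for (name, err), n in failed_services(parse_entries(SAMPLE_LOG)).most_common():
        print(f"{n}x {name}: {err}")
```

On these entries the LiveUpdate scheduler fails on two consecutive days with ERROR_PATH_NOT_FOUND, meaning the path registered for the service no longer resolves; the 7022 entry is ignored because it is not a start failure.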

Post by richou » 06 Oct 2008, 18:25

Hello Nickw,

There, I did all your steps and everything works.
Thank you very much.
Can you tell me whether I can delete anything in c:
here is what is there: (I wanted to copy and paste but that does not work)
so there are folders: APPS, ATI TECHNOLOGIES, AVENGER, COKTEL, CONFIG.MSI, GARMIN, PROGRAM FILES, RC, TEMPS, WINDOWS
and text documents: bcbtrmv, conmgr, dxnlog, fixnavi, gercc, lgsinst, myinventimesetup, rcparam, saudit, xscan
a "registry entries" item: backup
an "MS-DOS batch file" item: cleanup
an application item: cleanup
an asg file: ncpst.asg
an MS-DOS application file: ntdetect
a file: ntldr
and a zip file

and in d: there are folders: config.msi, documents and settings, e40ac0624a9d3c014d6daa34e7, road challenge
there is a text file: bdwizreg
an MS-DOS batch file: getpaths
and an asg file: ncpst2.asg

There!
It does not bother me, but if it can free up some space...
Thanks for your reply
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by nickW » 06 Oct 2008, 23:40

Good evening,

You can delete these files on C:\

C:\backup.reg
C:\zip.exe
C:\cleanup.exe
C:\cleanup.bat
C:\fixnavi.txt

I do not know the others, which were created before/after my intervention.

Cheers,
nickW
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by richou » 07 Oct 2008, 15:42

Hello Nickw,
there, everything is done, I thank you and maybe until next time.
thanks
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen
