Request for log analysis

Security and insecurity. Viruses, Trojans, spyware, vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protecting the browser, browsing and privacy

Extras report

Post by nithael34 » 16 Nov 2008, 18:28

OTListIt Extras logfile created on: 11/11/2008 21:08:07 - Run 2
OTListIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\didou\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,36 Mb Total Physical Memory | 232,38 Mb Available Physical Memory | 45,44% Memory free
1,22 Gb Paging File | 0,87 Gb Available in Paging File | 71,49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 20,39 Gb Free Space | 54,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIDOU-0308A3852
Current User Name: didou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/04/21 00:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/04/20 21:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/04/20 23:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/17 00:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/04/21 00:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/04/21 00:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/04/20 23:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
File not found -- C:\Program Files\Wanadoo\GestMAJ.exe:*:Disabled:GestMAJ

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Edition Découverte
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = HP DLA
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1881AE03-2BD4-11D4-86BF-00508B10AA88}" = Diagnostics pour Windows
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5370668E-D4AF-41A5-8098-826F35B50D85}" = Visual Basic for Applications (R) Core - French
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B312BFD-6C04-4409-AB6F-DD41CCD67463}" = muvee autoProducer 6.1
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{9113040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: Angel Of Darkeness
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A70FA218-6598-4AC9-813D-63597C5DD068}" = Galerie de photos Windows Live
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A70700000002}" = Adobe Reader 7.0.7 - Français
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E837279E-4C3F-411A-8E3D-0EFD97F818E3}" = Bluetooth by hp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"B85443866E9FD9203DE836DBCC8A4F6220A821C3" = Windows Driver Package - Intel (NETw5x32) net (07/08/2008 12.0.0.82)
"Blender" = Blender (remove only)
"Caesar 3" = Caesar 3
"ConvertMovie 5.0" = ConvertMovie 5.0
"Debut" = Debut
"ExpressBurn" = Express Burn
"Farm Frenzy_is1" = Farm Frenzy fr
"GOM Player" = GOM Player
"Google Video Uploader" = Google Video Uploader
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider : L’Ange des Ténèbres
"InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Pictures Displayer" = MSN Pictures Displayer 4.6
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"Prism" = Prism Video Converter
"Prison Tycoon 2_is1" = Prison Tycoon 2
"RealPlayer 6.0" = RealPlayer
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Utilitaires Sierra" = Utilitaires Sierra
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16/07/2008 05:57:45 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100DSCIM\PICT1071.JPG failed, 0000A420.

Error - 16/07/2008 05:57:45 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100DSCIM\PICT1072.JPG failed, 0000A420.

Error - 16/07/2008 05:57:45 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100DSCIM\PICT1073.JPG failed, 0000A420.

Error - 16/07/2008 05:57:45 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100DSCIM\PICT1074.JPG failed, 0000A420.

Error - 16/07/2008 05:57:45 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100DSCIM\PICT1075.JPG failed, 0000A420.

Error - 16/07/2008 05:57:45 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100DSCIM\PICT1076.JPG failed, 0000A420.

Error - 20/08/2008 09:14:29 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\gay pride 2008\Thumbs.db failed, 0000001E.

Error - 20/08/2008 09:18:22 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\grande motte\Thumbs.db failed, 0000001E.

Error - 23/10/2008 06:07:35 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 30/10/2008 15:05:32 | Computer Name = DIDOU-0308A3852 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

[ Application Events ]
Error - 24/10/2008 18:32:44 | Computer Name = DIDOU-0308A3852 | Source = Application Error | ID = 1000
Description = Application défaillante farm.exe, version 1.2.1.0, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x0001103c.

Error - 24/10/2008 20:59:59 | Computer Name = DIDOU-0308A3852 | Source = Application Error | ID = 1000
Description = Application défaillante farm.exe, version 1.2.1.0, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x000111de.

Error - 26/10/2008 12:11:45 | Computer Name = DIDOU-0308A3852 | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 8.5.1302.1018, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/10/2008 12:11:54 | Computer Name = DIDOU-0308A3852 | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 553528827.

Error - 26/10/2008 16:05:50 | Computer Name = DIDOU-0308A3852 | Source = Application Error | ID = 1000
Description = Application défaillante farm.exe, version 1.2.1.0, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x000111e0.

Error - 27/10/2008 16:06:28 | Computer Name = DIDOU-0308A3852 | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.8.20080.40413, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/10/2008 16:06:58 | Computer Name = DIDOU-0308A3852 | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 713234062.

Error - 28/10/2008 22:11:52 | Computer Name = DIDOU-0308A3852 | Source = Application Error | ID = 1000
Description = Application défaillante farm.exe, version 1.2.1.0, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x000111cd.

Error - 30/10/2008 12:58:14 | Computer Name = DIDOU-0308A3852 | Source = Application Error | ID = 1000
Description = Application défaillante farm.exe, version 1.2.1.0, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x0001103c.

Error - 31/10/2008 01:10:04 | Computer Name = DIDOU-0308A3852 | Source = Application Error | ID = 1000
Description = Application défaillante farm.exe, version 1.2.1.0, module défaillant
ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x0001103c.

[ System Events ]
Error - 30/10/2008 06:00:05 | Computer Name = DIDOU-0308A3852 | Source = DCOM | ID = 10010
Description = Le serveur {5C4C8078-24CF-4C71-B05E-8B1D935DB5AC} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 11/11/2008 06:41:12 | Computer Name = DIDOU-0308A3852 | Source = DCOM | ID = 10010
Description = Le serveur {5C4C8078-24CF-4C71-B05E-8B1D935DB5AC} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>
nithael34
 
Posts: 14
Joined: 23 Oct 2008, 19:51

OTListIt report

Post by nithael34 » 16 Nov 2008, 18:29

OTListIt logfile created on: 11/11/2008 21:08:07 - Run 2
OTListIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\didou\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,36 Mb Total Physical Memory | 232,38 Mb Available Physical Memory | 45,44% Memory free
1,22 Gb Paging File | 0,87 Gb Available in Paging File | 71,49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 20,39 Gb Free Space | 54,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIDOU-0308A3852
Current User Name: didou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2003/11/13 15:36:54 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/23 15:24:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2003/09/12 11:32:46 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
[2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
[2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
[2004/08/05 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2003/07/15 22:09:18 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2003/07/15 22:08:10 | 00,618,496 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2003/09/26 01:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2008/07/19 15:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/12/04 17:30:21 | 00,155,648 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2003/05/05 12:16:00 | 00,088,267 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/08/03 22:07:24 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2003/09/12 11:42:00 | 00,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/09/22 10:17:24 | 04,708,864 | ---- | M] () -- C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2004/08/05 13:00:00 | 00,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
[2004/08/05 13:00:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/10/26 14:06:34 | 00,417,792 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\didou\Bureau\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 15:24:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2003/11/13 15:36:54 | 00,385,024 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
File not found -- -- (Boonty Games [Disabled | Stopped])
[2003/09/12 11:32:46 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/01/26 15:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/26 15:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
[2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
[2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2005/01/26 15:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 15:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2003/03/12 14:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2003/05/05 12:16:00 | 01,170,464 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2008/07/19 15:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 15:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 15:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 15:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 15:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2003/11/13 15:47:00 | 00,640,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/09/12 11:01:00 | 00,030,267 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Running])
[2003/09/12 11:08:40 | 01,258,138 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [Boot | Running])
[2003/09/12 11:12:46 | 00,022,183 | ---- | M] () -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
[2003/09/12 11:12:14 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
[2003/09/12 11:06:58 | 00,146,716 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
[2003/09/12 10:54:28 | 00,052,664 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2004/03/08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2002/08/19 14:35:44 | 00,019,845 | ---- | M] () -- C:\WINDOWS\system32\drivers\Cpqdfw.sys -- (cpqdfw [Auto | Running])
[1998/09/30 07:36:06 | 00,154,436 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Cqcpu.sys -- (cqcpu [Auto | Running])
[1999/05/19 14:00:50 | 00,018,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CQ_MEM.SYS -- (cq_mem [Auto | Running])
[2003/10/29 03:21:00 | 00,084,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2003/06/20 02:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/04/13 02:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/08/05 13:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/02/24 12:29:14 | 00,162,176 | ---- | M] () -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207 [On_Demand | Stopped])
[2003/08/04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2003/03/17 22:00:02 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/23 18:21:42 | 00,036,937 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2003/05/27 17:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2003/07/14 11:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2003/07/14 11:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2003/07/15 21:48:44 | 00,270,384 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2003/09/26 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2003/09/26 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2003/09/26 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2003/09/26 01:04:00 | 00,002,265 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2003/09/26 01:04:00 | 00,083,572 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2003/09/26 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2003/09/26 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2003/09/26 01:04:00 | 00,098,164 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2003/09/26 01:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/05 13:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Stopped])
[2003/12/04 12:49:42 | 01,987,712 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51 [On_Demand | Stopped])
[2008/01/07 13:36:16 | 02,216,064 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2003/03/20 17:24:34 | 00,026,240 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\wbsd.sys -- (WBSD [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-343818398-1935655697-854245398-1003\S-1-5-21-343818398-1935655697-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (268289 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9285 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS\system32\geBuTljI.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {92C57B4C-9C74-417E-B17D-F3E47597302F} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {CFFB60ED-F4CE-4CE2-9532-37F09D61025C} - C:\WINDOWS\system32\wvUMgDvu.dll File not found
O2 - BHO: (no name) - {f121da47-1bb7-42b1-affc-bcfd92b86ce6} - C:\WINDOWS\system32\bwphzg.dll ()
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKU\S-1-5-21-343818398-1935655697-854245398-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-1935655697-854245398-1003..\Run: [RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\didou\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1935655697-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-343818398-1935655697-854245398-1003\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = bwphzg.dll
>[2008/10/27 20:36:42 | 00,132,608 | ---- | M] () -- C:\WINDOWS\system32\bwphzg.dll

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
geBuTljI: "DllName" = geBuTljI.dll -- C:\WINDOWS\system32\geBuTljI.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{42AE1DA1-FF60-4435-A81F-9B6538F865A6}" (HKLM) -- C:\WINDOWS\system32\geBuTljI.dll ()

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625 | ]
[2008/03/04 18:49:28 | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cb7f4a7-f742-11dc-af3a-000fb3174da5}\Shell]
"" = AutoRun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b718904-b404-11dc-aef4-000fb3174da5}\Shell\Auto\command]
"" = AdobeR.exe e


========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2008/11/11 20:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Local Settings\Mes documents\Nouveau dossier
[2008/11/11 20:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Local Settings\Mes documents\a voir
[2008/11/11 20:28:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Application Data\Apple Computer
[2008/11/11 20:26:55 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/11/11 20:26:55 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/11/11 11:49:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Bureau\a faire a lordi
[2008/10/27 20:36:42 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\bwphzg.dll
[2008/10/27 20:36:41 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\slnmhqoq.dll
[2008/10/27 20:35:20 | 01,027,624 | -HS- | C] () -- C:\WINDOWS\System32\uukappoh.ini
[2008/10/27 20:35:08 | 00,076,416 | ---- | C] () -- C:\WINDOWS\System32\hoppakuu.dll
[2008/10/26 14:49:40 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/26 14:16:50 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\didou\Local Settings\Mes documents\HijackThis.exe
[2008/10/26 14:13:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Local Settings\Mes documents\hjt
[2008/10/26 14:10:21 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\didou\Bureau\OTMoveIt3.exe
[2008/10/26 14:10:14 | 00,417,792 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\didou\Bureau\OTListIt.exe
[2008/10/24 19:57:34 | 00,001,517 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Farm Frenzy.lnk
[2008/10/24 19:55:58 | 00,000,000 | ---D | C] -- C:\Program Files\Boonty
[2008/10/24 13:29:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/24 13:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Bureau\anti viru$
[2008/10/23 23:04:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/23 22:49:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/23 21:15:58 | 00,446,976 | ---- | C] () -- C:\WINDOWS\System32\ShellMPD.dll
[2008/10/23 21:03:44 | 00,013,750 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/23 21:03:18 | 00,160,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/23 15:20:07 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/23 15:20:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/23 15:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2008/10/23 12:01:24 | 53,626,8800 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/23 01:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/10/22 23:24:12 | 00,034,176 | ---- | C] () -- C:\WINDOWS\System32\geBuTljI.dll
[2008/10/22 19:25:51 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\didou\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
[2008/10/22 19:25:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Application Data\MSN Pictures Displayer
[2008/10/22 19:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Pictures Displayer
[2008/10/22 19:24:22 | 05,432,391 | ---- | C] (Sébastien BEGOUIN ) -- C:\Documents and Settings\didou\Local Settings\Mes documents\Install MPD.exe
[2008/10/22 18:20:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2008/10/22 18:17:31 | 00,000,538 | ---- | C] () -- C:\Documents and Settings\didou\Local Settings\Mes documents\Mes dossiers de partage.lnk
[2008/10/21 22:27:06 | 00,065,559 | ---- | C] () -- C:\WINDOWS\System32\sysbase32.dll
[2008/10/21 16:01:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2008/10/18 13:23:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/10/18 11:30:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2008/10/18 11:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\BoontyGames
[2008/10/17 16:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\didou\Local Settings\Mes documents\clé u$b chouchou
[2008/10/17 15:17:37 | 00,008,704 | -HS- | C] () -- C:\WINDOWS\System32\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
[2008/10/13 11:35:45 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\didou\Local Settings\Mes documents\Retransmissions de texto chouchou.doc
[2008/10/13 09:38:29 | 00,006,144 | -HS- | C] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable


========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/11 21:01:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/11 21:01:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/11 20:59:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/11 20:58:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/11 20:58:48 | 53,626,8800 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/11 20:57:35 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/11 20:57:35 | 00,000,172 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/11 20:52:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/11 20:52:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/11 20:29:14 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/11 20:29:14 | 00,000,172 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/11 20:26:55 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/11 20:26:55 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/11/11 20:26:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/11 20:26:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/11 20:16:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/11 20:16:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/11 20:08:24 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/11 20:08:24 | 00,000,172 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/11 20:08:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/11/11 20:08:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/11/11 19:58:29 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/11/11 19:58:29 | 00,000,172 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/11/11 19:45:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/11/11 19:45:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/11/11 11:52:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/11/11 11:52:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/11/11 11:35:45 | 00,013,750 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/30 11:02:46 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/29 17:54:59 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\didou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/28 13:04:46 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\didou\Local Settings\Mes documents\Mes dossiers de partage.lnk
[2008/10/27 20:36:42 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\slnmhqoq.dll
[2008/10/27 20:36:42 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\bwphzg.dll
[2008/10/27 20:35:32 | 01,027,624 | -HS- | M] () -- C:\WINDOWS\System32\uukappoh.ini
[2008/10/27 20:35:10 | 00,076,416 | ---- | M] () -- C:\WINDOWS\System32\hoppakuu.dll
[2008/10/26 14:07:00 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\didou\Bureau\OTMoveIt3.exe
[2008/10/26 14:06:34 | 00,417,792 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\didou\Bureau\OTListIt.exe
[2008/10/26 14:04:26 | 00,468,728 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/10/26 14:04:26 | 00,401,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/26 14:04:26 | 00,075,704 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/10/26 14:04:26 | 00,062,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/26 14:04:24 | 01,019,064 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/25 14:58:30 | 00,001,574 | ---- | M] () -- C:\WINDOWS\Cpqdiag.ini
[2008/10/25 14:55:39 | 00,000,083 | ---- | M] () -- C:\WINDOWS\factory.ini
[2008/10/25 12:59:53 | 00,001,176 | ---- | M] () -- C:\WINDOWS\CPQERR.INI
[2008/10/25 12:46:19 | 00,002,050 | ---- | M] () -- C:\WINDOWS\ACT_CFG.INI
[2008/10/24 19:57:35 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Farm Frenzy.lnk
[2008/10/24 11:36:35 | 00,008,704 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
[2008/10/23 21:15:59 | 00,446,976 | ---- | M] () -- C:\WINDOWS\System32\ShellMPD.dll
[2008/10/23 21:12:04 | 00,013,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/23 21:03:18 | 00,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/23 01:26:41 | 00,001,055 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/22 23:24:12 | 00,034,176 | ---- | M] () -- C:\WINDOWS\System32\geBuTljI.dll
[2008/10/22 23:18:20 | 00,003,140 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/10/22 23:07:55 | 00,000,168 | RHS- | M] () -- C:\WINDOWS\System32\563ADC7B55.sys
[2008/10/22 19:25:51 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\didou\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
[2008/10/22 19:24:39 | 05,432,391 | ---- | M] (Sébastien BEGOUIN ) -- C:\Documents and Settings\didou\Local Settings\Mes documents\Install MPD.exe
[2008/10/22 14:45:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/22 14:45:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/22 12:20:10 | 00,003,140 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/22 12:19:56 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\563ADC7B55.sys
[2008/10/22 02:48:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/22 02:48:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/21 22:27:06 | 00,065,559 | ---- | M] () -- C:\WINDOWS\System32\sysbase32.dll
[2008/10/20 04:42:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/20 04:42:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/19 17:12:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/10/19 17:12:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/10/19 17:01:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/19 17:01:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/10/17 15:16:57 | 00,006,144 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2008/10/13 11:35:45 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\didou\Local Settings\Mes documents\Retransmissions de texto chouchou.doc

<End>

Observations

Post by nithael34 » 16 Nov 2008, 18:33

Today, thanks to this analysis, my PC is doing much better: it no longer lags, it no longer glitches, and it has finally managed to install the updates via Update, which it had stopped doing. I don't see any particular problem. Thank you. Tell me whether everything is normal based on the reports I sent you. Thanks again.

Post by nickW » 17 Nov 2008, 01:26

Good evening,

There is still some cleanup to do:

Step 1: OTMoveIt3 (by OldTimer)
Open a Notepad window: via Start---->Run, type notepad then click OK
Select all the lines in the white area located under "Code:" below, then press the Ctrl and C keys simultaneously
Code:
rien
:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42AE1DA1-FF60-4435-A81F-9B6538F865A6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92C57B4C-9C74-417E-B17D-F3E47597302F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFFB60ED-F4CE-4CE2-9532-37F09D61025C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f121da47-1bb7-42b1-affc-bcfd92b86ce6}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBuTljI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{42AE1DA1-FF60-4435-A81F-9B6538F865A6}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""

:Files
C:\WINDOWS\System32\bwphzg.dll
C:\WINDOWS\System32\slnmhqoq.dll
C:\WINDOWS\System32\uukappoh.ini
C:\WINDOWS\System32\hoppakuu.dll
C:\WINDOWS\System32\geBuTljI.dll

:Commands
[emptytemp]
[start explorer]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file under the name OTMI-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 2: OTMoveIt3 (by OldTimer)
Double-click OTMoveIt3.exe to launch the tool.
Open the file OTMI-1.txt in Notepad.
Select all of its lines then press the Ctrl and C keys simultaneously

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved"
and choose Paste.

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A restart is sometimes necessary. If it is requested, click Oui/Yes


Step 3: Results
Send in reply the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive represents the partition from which OTMoveIt3 was launched, usually C:]



Once this is done, if the PC no longer shows symptoms of infection, here is some additional advice (hardening & optimization) to apply:

Important advice:
You need to create a new System Restore point.
After cleaning the PC, you must empty the files stored in the System Restore folders, then create a new restore point that will be usable in case of a problem.
Method:
Disable System Restore, re-enable System Restore, then create a new restore point.
Detailed explanations:
http://assiste.com.free.fr/p/comment/co ... ation.html


Important advice:
You need to install a real firewall.
See HERE and HERE.
Remember to completely disable the Windows XP one (including in the services).


A piece of advice:
Avast! is no longer a good antivirus (at least in its free version)!
If you understand a little English, the antivirus software Avira Antivir Personal is currently much more "responsive" to new threats than avast!
See:
http://assiste.com.free.fr/p/logitheque/antivir.html
http://www.free-av.com/en/products/1/av ... virus.html
Download: http://www.free-av.com/en/download/download_servers.php
Also read this article by Malekal_morte
Presentation on libellules.ch (with English---->French translation of the main terms): http://www.libellules.ch/tuto_antivir.php


Important advice:
Install the new version of Sun's Java.

Current version: Java Runtime Environment (JRE) 6 Update 10
*- http://java.sun.com/javase/downloads/index.jsp (take the file jre-6u10-windows-i586-p.exe, 15.52 MB)

Then uninstall all the obsolete versions, whose vulnerabilities are used by the "malicious" (see Add/Remove Programs).
Assiste page: http://assiste.com.free.fr/p/abc/c/anti_java.html


A piece of advice:
Read "What behaviour should you adopt at all times?"
Read the Recommendations of the "security kit", and apply its preventive measures.


A piece of advice:
Remember the updates.
Adobe Reader 9: http://www.adobe.com/fr/products/reader/
Note:
If you absolutely want to keep Adobe Reader, I advise you to try Adobe Reader SpeedUp 1.36
Otherwise, there is another program for reading PDF files, far less resource-hungry, and free:
Foxit Reader: http://www.foxitsoftware.com/pdf/rd_intro.php
Note: a major security vulnerability was discovered some time ago in Adobe Reader versions 8.1.2 and earlier.


A piece of advice:
Delete the Internet connection created with the Orange/Wanadoo kit, and recreate it manually.
Indeed, the installation kits supplied by ISPs install lots of "gizmos" with rather vague functions, which are sometimes considered "spies".
An explanation page: http://www.faqoe.com/index.php?bas=/connexionmanel.htm
Another explanation page: http://www.porciello.com/adsl/
(You need to have in front of you the letter sent by the ISP containing the access codes)


A piece of advice:
It is possible to lighten the startup procedure and free up some system resources.
Some programs are considered "unnecessary at startup": they are launched systematically at every system startup (even if you do not use them), they remain active and use system resources.
It is essential to consult the list of startups (programs launched at startup) by Pacman (Paul Collins) to make your decision (keep them at startup or not). See HERE.
Downloadable version (right-click on the link): http://assiste.com.free.fr/ftp/Startups-vf.chm
Note: The site is not up to date; use the downloadable version.
This applies to:

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe--->automatic update: better to do it yourself
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"--->automatic update: better to do it yourself
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe--->read Pacman's list carefully
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background--->read Pacman's list carefully
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe--->prefer Adobe Reader SpeedUp 1.36 to it, or try Foxit Reader

You can use Spybot-S&D (in Tools---->System Startup) to uncheck the lines corresponding to the programs whose automatic launch at each system startup you want to remove (unless otherwise indicated in Pacman's list).
If you regret it afterwards, you just need to check those lines again.


A piece of advice:
It is preferable to delete OTListIt (downloaded file OTListIt.exe and result files OTListIt.txt and Extras.txt located on the Desktop).
It is preferable to delete OTMoveIt3 (downloaded file OTMoveIt3.exe located on the Desktop and working files OTfichiers*.txt and OTMI-*.txt).
Note: The folder Drive\_OTMoveIt contains backups. After checking that all the software on the PC works correctly, this folder can be deleted.
It is preferable to delete the file reparlsa.reg
Empty the quarantines of the antivirus and the anti-spyware.


A piece of advice:
Re-enable Spybot-S&D's TeaTimer using the method below:
Note: [SystemDrive represents the partition on which the system is installed, usually C:]
  • Delete all the Registry snapshots created by Spybot-S&D's TeaTimer
    Go with Windows Explorer to the folder:
    SystemDrive\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2

    Put all the files found there into an archive (.zip file) to back them up, then delete all these files (keep only the backup archive).
  • Restart Spybot-S&D's TeaTimer.
    Go with Windows Explorer to the Spybot-S&D installation folder, by default SystemDrive\Program Files\Spybot - Search & Destroy.
    Double-click TeaTimer.exe to launch it.
  • Stop Spybot-S&D's TeaTimer so that new Registry snapshots are recorded.
    In the system tray (next to the clock), right-click the Spybot-S&D Resident icon then choose Exit Spybot-S&D Resident.
    During this shutdown procedure, the Registry snapshots created by Spybot-S&D's TeaTimer are saved.
  • Restart Spybot-S&D's TeaTimer.
    Go with Windows Explorer to the Spybot-S&D installation folder, by default SystemDrive\Program Files\Spybot - Search & Destroy.
    Double-click TeaTimer.exe to launch it.
  • Re-enable the automatic launch of TeaTimer.
    Launch Spybot-S&D, Advanced mode, Tools, Resident, check the box in front of TeaTimer. Close Spybot-S&D.



There you go.

Bye,

PS:
If you consider this topic closed, could you put [OK] in front of the title of the first post. See HERE.
Thanks.
nickW
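A check that fits the note in the post above, that the script was written for one user only: before a fix script is applied, every path under its :Files directive should appear in that same machine's scan log. This is an added example, not part of the thread or of OldTimer's tools; the function names are hypothetical, and the sample input is copied from the log and script in this thread.

```python
import re
from pathlib import PureWindowsPath
# Sample input: lines copied from the OTListIt log and the OTMoveIt3 script in this thread.
LOG = r"""
[2008/10/27 20:36:42 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\slnmhqoq.dll
[2008/10/27 20:36:42 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\bwphzg.dll
[2008/10/27 20:35:32 | 01,027,624 | -HS- | M] () -- C:\WINDOWS\System32\uukappoh.ini
[2008/10/27 20:35:10 | 00,076,416 | ---- | M] () -- C:\WINDOWS\System32\hoppakuu.dll
[2008/10/26 14:06:34 | 00,417,792 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\didou\Bureau\OTListIt.exe
[2008/10/22 23:24:12 | 00,034,176 | ---- | M] () -- C:\WINDOWS\System32\geBuTljI.dll
"""
SCRIPT = r"""
:Files
C:\WINDOWS\System32\bwphzg.dll
C:\WINDOWS\System32\slnmhqoq.dll
C:\WINDOWS\System32\uukappoh.ini
C:\WINDOWS\System32\hoppakuu.dll
C:\WINDOWS\System32\geBuTljI.dll
:Commands
"""
ENTRY = re.compile(r"\[(.+?) \| ([\d,]+) \| ([-A-Z]{4}) \| M\] \((.*?)\) -- (.+)")

def parse_log(text):
    """Parse '[date | size | attrs | M] (vendor) -- path' lines; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.fullmatch(line.strip())
        if m:
            date, size, attrs, vendor, path = m.groups()
            entries.append({"date": date, "size": int(size.replace(",", "")), "attrs": attrs,
                            "vendor": vendor.strip(), "path": PureWindowsPath(path)})
    return entries

def script_files(script):
    """Paths listed under the :Files directive, up to the next ':' directive."""
    files, active = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            active = line.lower() == ":files"
        elif active and line:
            files.append(PureWindowsPath(line))
    return files

def check_script(script, entries):
    """Return (targets missing from the log, logged targets with an empty vendor field)."""
    by_path = {e["path"]: e for e in entries}  # PureWindowsPath compares case-insensitively
    targets = script_files(script)
    return ([p for p in targets if p not in by_path],
            [p for p in targets if p in by_path and not by_path[p]["vendor"]])
```

A non-empty first list means the script names files this log never reported, which is the sign of a script written for another machine or against an older scan.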
