Do I have to download AVG?

Security and insecurity. Viruses, Trojans, spyware, vulnerabilities, etc.

Moderator: Moderators

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip): La Manip - standard decontamination procedure
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy

Post by sporen » 16 Jan 2009, 22:25

Hello,
If I already have an AV, do I really have to download and install AVG in order to do a cleanup following "LA MANIP"?

Thanks
Windows XP - running CA antivirus
sporen

Posts: 11
Joined: 16 Jan 2009, 22:21

Post by nickW » 17 Jan 2009, 01:07

Good evening,

La Manip is not up to date: AVG Anti-Spyware, as a free standalone application, no longer exists.

If you think your PC is infected, you need to create and then post two detailed logs:

Step 1: OTListIt2 (by OldTimer), download
Download OTListIt2.exe from http://oldtimer.geekstogo.com/OTListIt2.exe
Save this file to the Desktop.


Step 2: OTListIt2 (by OldTimer)
Close all open program windows.

Double-click OTListIt2.exe to launch the tool.
Under Windows Vista, right-click OTListIt2.exe and choose "Run as administrator" to launch the tool.

The main OTListIt2 screen is displayed.

If not already done, in the Extra Registry section, select the Use SafeList radio button.

Check the box (at the top) in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTListIt2 window.


Step 3: Results
Create a new topic in the Logs HijackThis (log analysis requests) sub-forum, and describe the infection symptoms precisely there.
Then post in that topic, in two separate messages (because of the length of the logs):
- the two OTListIt2 reports (contents of the files OTListIt.txt and Extras.txt located on the Desktop).
The reports posted on the forum must end with a line containing <End>. If that is not the case, they are incomplete and must then be split across several messages.

Important note: To post the reports (logs), do not create a new topic; click the "Reply" button instead to continue in the same thread.


Regards,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by sporen » 17 Jan 2009, 20:18

:D Hi, well, I spent most of the night on it :oops: and I think I did the right things. I followed the "La Manip" procedure and it seems to work; I just did not install AVG.
To finish, I ran a scan from Trend Micro as indicated. Result:

CRYP_YODAC X 1 infec
DIAL_RAS.IO X 1 infec
DIAL_RAS.IV X 4 infec
ADWAR_MEMWATCHER X 1 infec
ADWAR_SIDE SEACH X 1 infec

I deleted everything via TrendScan and ran a new scan, with a result = 0 infec!! :wink:

But I still have this symptom: my fan makes me think that something is using my CPU! It blows hard, then nothing, then starts up again even harder; in short, not at all like usual, for a Hyper-Threading ...
Would you have any idea?
Otherwise, tomorrow I will do the procedure you recommend, since I have done this one.
Thanks in any case; your help, available on the site, is great and very well detailed.
One thing to say about step 1 - CCleaner: you recommend downloading the SLIM version, but it does not match the information you give afterwards, and moreover it is entirely in English with no way to change the language.
So I simply took the standard version (the "recommended" one) .. there, in case that helps.

Good evening, and see you tomorrow for the rest.

Stéph.
Windows XP - running CA antivirus
sporen

Posts: 11
Joined: 16 Jan 2009, 22:21

Post by nickW » 18 Jan 2009, 00:02

Good evening,

The standard version installs a toolbar ... which then has to be uninstalled.

The Slim version lets you choose French as the language.


Regards,
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by sporen » 18 Jan 2009, 22:55

Here are the results of the scans; can you tell me if everything is OK?

OTListIt Extras logfile created on: 18/01/2009 22:28:55 - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Parents\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 317,76 Mb Available Physical Memory | 62,13% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 71,87% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 35,68 Gb Free Space | 47,87% Space Free | Partition Type: NTFS
Drive D: | 68,64 Gb Total Space | 6,61 Gb Free Space | 9,64% Space Free | Partition Type: NTFS
Drive E: | 5,85 Gb Total Space | 2,02 Gb Free Space | 34,52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SALON
Current User Name: Parents
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus
File not found -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer
[2005/03/23 15:24:34 | 02,899,968 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04460044-9149-45C6-A806-F2BF9CFCE762}" = Encyclopédie Microsoft Encarta 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29A87AEB-FBA0-4298-B629-D40F386BFC3D}" = ArcSoft Camera Suite
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = HydraVision
"{41FC7856-55A1-41A6-94B1-15A1E3C050B8}" = Corsair Flash Voyager Utility
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Visionneuse Journal Windows Microsoft
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{532EFE70-19BC-4F0F-8F50-D5F15C243133}" = Kerio Personal Firewall
"{56D833FD-1A45-486F-9CC0-AE0A0529D085}" = Désinstaller CD Entreprises & Décideurs
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = E-Microscope
"{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}" = Labtec WebCam
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema XL II
"{6BFF4534-7608-41F0-85F7-31A0569D8960}" = eTrust Registration
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D9B8EE1-7E8E-411C-8F36-2A26D2D20D5F}" = HotFix Q0306270
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Extension Système de Microsoft Money
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-040C-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{AB2347E4-153B-4194-AA3B-97C0A662B369}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE59B914-9B32-43E5-8D2C-521D2F4B06BB}" = MP3 Creation Pack for WinXP
"{C584F675-3A50-4234-91E5-8435FB71A3C6}" = Mission Vétérinaire - Je soigne les animaux familiers
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"cciss_av" = CA Anti-Virus
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"C-Media Audio" = C-Media 3D Audio
"DiViDiX Génération 2.5 Final" = DiViDiX Génération 2.5 Final
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"ESD68 Guide d'utilisation" = ESD68 Guide d'utilisation
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"GVAO" = GVAO
"GVAO Install" = GVAO Install 15
"GVAOInstall" = GVAOInstall 15.04
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"Je Gère Ma Mediathèque" = Je Gère Ma Mediathèque 2.0
"LabtecDrv" = Programme de gestion Camera de Logitech®
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro Application - Jeu de Tarot 345" = Micro Application - Jeu de Tarot 345
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB5" = Microsoft Publisher 98
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"Picasa2" = Picasa 2
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Slim U2 TA" = Slim U2 TA
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"TAPBar" = Barre de confiance CM-CIC
"TomTom HOME" = TomTom HOME
"VETWIN32Vp5" = CA Anti-Virus
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Sélecteur d'installation de Microsoft Works 2004
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"X10Hardware" = X10 Hardware(TM)
"XviD" = XviD Video Codec 22032003-1 (Koepi's developer build)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/11/2008 02:59:05 | Computer Name = SALON | Source = WinMgmt | ID = 27
Description = WinMgmt n'a pas pu ouvrir le fichier de stockage. Il est possible
que les autorisations d'accès à "<SystemRoot>\System32\WBEM\Repository", l'espace
disque ou la mémoire soit insuffisants.

Error - 20/11/2008 02:59:08 | Computer Name = SALON | Source = SecurityCenter | ID = 1802
Description = Le service Centre de sécurité de Windows n'a pas pu établir de requêtes
d'événements avec WMI pour contrôler le programme antivirus et le pare-feu tiers.

Error - 20/11/2008 15:15:19 | Computer Name = SALON | Source = MsiInstaller | ID = 10005
Description = Product: eTrust Registration -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2203. The arguments are: C:\WINDOWS\Installer\2a47eb0.ipi, -2147287008,


Error - 21/11/2008 13:15:27 | Computer Name = SALON | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 07/12/2008 10:16:18 | Computer Name = SALON | Source = Application Error | ID = 1000
Description = Application défaillante isafe.exe, version 8.0.9.0, module défaillant
isafserv.dll, version 8.0.9.0, adresse de défaillance 0x00011790.

Error - 16/12/2008 15:32:06 | Computer Name = SALON | Source = Application Error | ID = 1000
Description = Application défaillante mahjongfortuna2.dll, version 0.0.0.0, module
défaillant msvcrt.dll, version 7.0.2600.5512, adresse de défaillance 0x00037032.

Error - 16/12/2008 15:32:31 | Computer Name = SALON | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 949172003.

Error - 20/12/2008 15:03:20 | Computer Name = SALON | Source = Application Error | ID = 1000
Description = Application défaillante mahjongfortuna2.dll, version 0.0.0.0, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x031e2643.

Error - 20/12/2008 15:03:34 | Computer Name = SALON | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 1064438607.

Error - 29/12/2008 10:19:32 | Computer Name = SALON | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant bicubic_resizer.ax, version 1.3.0.0, adresse de défaillance 0x00001380.

[ System Events ]
Error - 18/01/2009 15:47:55 | Computer Name = SALON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%5" lors de la mise en route du service usnjsvc
avec les arguments "" pour démarrer le serveur : {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 18/01/2009 15:47:55 | Computer Name = SALON | Source = Service Control Manager | ID = 7000
Description = Le service Service Messenger Sharing Folders USN Journal Reader n'a
pas pu démarrer en raison de l'erreur : %%5

Error - 18/01/2009 16:30:55 | Computer Name = SALON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%5" lors de la mise en route du service usnjsvc
avec les arguments "" pour démarrer le serveur : {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 18/01/2009 16:30:55 | Computer Name = SALON | Source = Service Control Manager | ID = 7000
Description = Le service Service Messenger Sharing Folders USN Journal Reader n'a
pas pu démarrer en raison de l'erreur : %%5

Error - 18/01/2009 16:31:06 | Computer Name = SALON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%5" lors de la mise en route du service usnjsvc
avec les arguments "" pour démarrer le serveur : {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 18/01/2009 16:31:06 | Computer Name = SALON | Source = Service Control Manager | ID = 7000
Description = Le service Service Messenger Sharing Folders USN Journal Reader n'a
pas pu démarrer en raison de l'erreur : %%5

Error - 18/01/2009 16:31:16 | Computer Name = SALON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%5" lors de la mise en route du service usnjsvc
avec les arguments "" pour démarrer le serveur : {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 18/01/2009 16:31:16 | Computer Name = SALON | Source = Service Control Manager | ID = 7000
Description = Le service Service Messenger Sharing Folders USN Journal Reader n'a
pas pu démarrer en raison de l'erreur : %%5

Error - 18/01/2009 16:31:27 | Computer Name = SALON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%5" lors de la mise en route du service usnjsvc
avec les arguments "" pour démarrer le serveur : {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 18/01/2009 16:31:27 | Computer Name = SALON | Source = Service Control Manager | ID = 7000
Description = Le service Service Messenger Sharing Folders USN Journal Reader n'a
pas pu démarrer en raison de l'erreur : %%5


<End>
Windows XP - running CA antivirus
sporen

Posts: 11
Joined: 16 Jan 2009, 22:21
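An added example, not part of any post in this thread and not OldTimer's code: a small Python triage helper for reports in the OTListIt2 layout shown here. It applies the `<End>` completeness rule from the instructions above, splits an over-long report on line boundaries for posting, and lists entries worth a manual look ("File not found" targets and files with an empty company field). The function names, the 300-character limit used in the test and the sample text (assembled from lines posted in the two reports) are assumptions of this example.

```python
import re

# One file entry: [modified | size | attrs | M] (Company) -- path[suffix]
ENTRY_RE = re.compile(
    r"^\[(?P<modified>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| M\] \((?P<company>.*?)\) -- (?P<rest>.*)$"
)
MISSING_RE = re.compile(r"^File not found -- (?P<rest>.*)$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Firewall exceptions append ":*:Enabled:<label>" to the path.
FIREWALL_SUFFIX_RE = re.compile(r"^(?P<path>.*?):\*:(?:Enabled|Disabled):(?P<label>.*)$")

# Constructed sample, assembled from lines posted in this thread.
SAMPLE_LOG = r"""OTListIt Extras logfile created on: 18/01/2009 22:28:55 - Run
========== Authorized Applications List ==========

File not found -- C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus
[2005/03/23 15:24:34 | 02,899,968 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI

========== Processes (SafeList) ==========

[2004/05/06 11:22:40 | 00,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe
[2004/11/28 21:12:09 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5 [On_Demand | Stopped])

<End>
"""


def is_complete(text):
    """A report is complete only if its last non-empty line contains <End>."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    return bool(lines) and "<End>" in lines[-1]


def _split_target(rest):
    """Separate the file path from a service or firewall-rule suffix."""
    path, _, service = rest.partition("-- (")
    path = path.strip()
    label = service.rstrip(")") if service else ""
    fw = FIREWALL_SUFFIX_RE.match(path)
    if fw:
        path, label = fw.group("path"), fw.group("label")
    return path, label


def parse_entries(text):
    """Return one dict per file entry, tagged with the section it appeared in."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        found = ENTRY_RE.match(line)
        missing = None if found else MISSING_RE.match(line)
        if not (found or missing):
            continue  # registry values, event log text, blank lines
        path, label = _split_target((found or missing).group("rest"))
        entries.append({
            "section": section,
            "found": bool(found),
            "company": found.group("company").strip() if found else "",
            "size": int(found.group("size").replace(",", "")) if found else None,
            "path": path,
            "label": label,
        })
    return entries


def triage(entries):
    """List entries to review by hand. These are prompts, not verdicts."""
    findings = []
    for entry in entries:
        if not entry["found"]:
            # Rule or service still registered, but its target file is gone.
            findings.append(("missing-file", entry["path"] or entry["label"]))
        elif not entry["company"]:
            # No company name in the file's version information.
            findings.append(("no-company-name", entry["path"]))
    return findings


def split_for_posting(text, max_chars):
    """Split on line boundaries so each chunk fits max_chars (assumed limit).

    A single line longer than max_chars is kept whole in its own chunk.
    """
    chunks, current = [], ""
    for line in text.splitlines(keepends=True):
        if current and len(current) + len(line) > max_chars:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    return chunks


if __name__ == "__main__":
    print("complete:", is_complete(SAMPLE_LOG))
    for reason, target in triage(parse_entries(SAMPLE_LOG)):
        print(reason, "->", target)
```

Only the last chunk of a split report ends with `<End>`, so completeness has to be checked on the reassembled text, not on each message.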

Post by sporen » 18 Jan 2009, 22:56

And the second one:
OTListIt logfile created on: 18/01/2009 22:28:55 - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Parents\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 317,76 Mb Available Physical Memory | 62,13% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 71,87% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 35,68 Gb Free Space | 47,87% Space Free | Partition Type: NTFS
Drive D: | 68,64 Gb Total Space | 6,61 Gb Free Space | 9,64% Space Free | Partition Type: NTFS
Drive E: | 5,85 Gb Total Space | 2,02 Gb Free Space | 34,52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SALON
Current User Name: Parents
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2003/08/12 21:10:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Medion Home Cinema XL II\PowerDVD\PDVDServ.exe
[2004/04/18 11:55:37 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2004/02/12 15:59:58 | 00,077,824 | ---- | M] (Labtec Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
[2004/05/06 11:22:40 | 00,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe
[2009/01/17 00:32:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2003/08/05 09:43:04 | 00,045,056 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\HotFixQ0306270.exe
[2004/01/06 13:02:00 | 00,610,304 | ---- | M] (Pmx. Electronics Ltd.) -- C:\WINDOWS\twain_32\SlimU2TA\HotKey.Exe
[2008/11/20 21:26:52 | 00,247,024 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
[2008/08/30 15:14:36 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
[2005/03/23 15:27:18 | 01,941,504 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
[2005/09/14 20:44:14 | 00,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
[2003/08/04 14:54:52 | 00,215,552 | R--- | M] (Intersil Americas Inc.) -- C:\WINDOWS\system32\PRISMSTA.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/11/14 19:06:02 | 00,078,696 | ---- | M] () -- C:\Program Files\MySecurityCenter\Programs\Service.exe
[2005/09/13 08:45:16 | 00,053,248 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
[2004/01/21 02:24:22 | 00,135,214 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\LVComS.exe
[2006/04/19 16:21:12 | 00,094,208 | R--- | M] (Prolific Technology Inc.) -- C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
[2009/01/17 00:32:06 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2003/04/24 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/10/23 22:18:15 | 00,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
[2008/04/14 03:34:22 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2005/03/23 15:24:34 | 02,899,968 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2004/06/09 17:40:46 | 01,462,272 | ---- | M] (Inventel) -- C:\Program Files\Inventel\Gateway\WLANCFG.EXE
[2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
[2008/11/20 21:26:52 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/03/23 15:24:34 | 02,899,968 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
[2009/01/18 22:25:03 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parents\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/04/18 11:55:37 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2008/11/20 21:26:52 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (FAH@C:+TeamFolding2+FAH502-Console.exe [Disabled | Stopped])
[2008/08/01 16:23:50 | 00,414,720 | ---- | M] () -- C:\TeamFolding\Folding@home-Win32-x86.exe -- (Folding@home-CPU-[1] [Disabled | Stopped])
[2008/08/01 16:23:50 | 00,414,720 | ---- | M] () -- C:\TeamFolding2\Folding@home-Win32-x86.exe -- (Folding@home-CPU-[3] [Disabled | Stopped])
[2007/01/04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/01/17 00:32:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/03/23 15:27:18 | 01,941,504 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4 [Auto | Running])
File not found -- -- (MSCSPTISRV [On_Demand | Stopped])
[2008/11/14 19:06:02 | 00,078,696 | ---- | M] () -- C:\Program Files\MySecurityCenter\Programs\Service.exe -- (MySecurityCenter License Service [Auto | Running])
File not found -- -- (PACSPTISVR [On_Demand | Stopped])
[2005/09/13 08:45:16 | 00,053,248 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2006/11/06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[2003/04/24 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
[2008/04/14 03:34:22 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/14 03:34:22 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (SPTISRV [On_Demand | Stopped])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2004/06/09 17:40:46 | 01,462,272 | ---- | M] (Inventel) -- C:\Program Files\Inventel\Gateway\WLANCFG.EXE -- (Wlancfg [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [On_Demand | Running])

========== Driver Services (SafeList) ==========

[2002/07/17 07:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2003/08/12 21:34:30 | 00,594,432 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/06/05 07:04:22 | 00,350,752 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2004/04/18 11:25:00 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
[2003/09/12 21:39:00 | 00,745,920 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
[2006/03/19 19:48:13 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [On_Demand | Stopped])
[2002/10/29 20:20:30 | 00,040,960 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
[2005/03/21 14:39:16 | 00,270,336 | ---- | M] (Kerio Technologies) -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv [System | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/05/22 16:44:44 | 00,670,203 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51 [On_Demand | Running])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 22:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/11/28 21:12:09 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5 [On_Demand | Stopped])
[2004/01/21 02:14:46 | 00,005,915 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter [On_Demand | Running])
[2003/09/20 08:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/06/12 07:47:42 | 00,024,704 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2004/01/21 02:14:42 | 00,271,360 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0 [On_Demand | Running])
[2003/10/06 10:29:08 | 00,007,424 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\plff.sys -- (PLFF [Boot | Running])
[2003/08/07 15:36:48 | 00,362,688 | R--- | M] (Intersil Americas Inc.) -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00 [On_Demand | Stopped])
[2004/03/30 18:29:48 | 00,374,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
[2003/04/24 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/09 12:18:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/05/04 20:01:28 | 00,302,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd [On_Demand | Stopped])
[2001/08/17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2009/01/17 00:41:59 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2008/08/30 15:14:36 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2008/08/30 15:14:34 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/11/20 21:26:51 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/11/20 21:26:51 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2008/08/30 15:14:28 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2008/08/30 15:14:34 | 00,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2001/11/14 18:07:42 | 00,010,761 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1214440339-343818398-839522115-1004\S-1-5-21-1214440339-343818398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-1214440339-343818398-839522115-1004\S-1-5-21-1214440339-343818398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (291314 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 127.0.0.1 17-plus.com
O1 - Hosts: 127.0.0.1 www.1800searchonline.com
O1 - Hosts: 127.0.0.1 1800searchonline.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 10030 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (BHO Barre de Confiance CM-CIC) - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPbar.dll (Euro-Information)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKLM\..\Toolbar: (Barre de confiance CM-CIC) - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPbar.dll (Euro-Information)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\..\Toolbar: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart File not found
O4 - HKLM..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe (Pmx. Electronics Ltd.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" ()
O4 - HKLM..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START (Intersil Americas Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\Medion Home Cinema XL II\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1214440339-343818398-839522115-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-343818398-839522115-1004..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKU\S-1-5-21-1214440339-343818398-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1

O7 - HKU\S-1-5-21-1214440339-343818398-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Sites: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Sites: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1214440339-343818398-839522115-1004\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} http://www.thepaymentcentre.com/build/preload.cab (preload control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/download/ ... 9887248484 (MSSecurityAdvisor Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... t/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1311785231 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/securityadvisor/viru ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan ... asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... DP-1.1.cab (AdSignerLCContrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 80.10.246.2,80.10.126.129
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[1999/01/09 22:16:50 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2009/01/18 22:25:03 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Parents\Bureau\OTListIt2.exe
[2009/01/18 13:28:26 | 00,081,408 | ---- | C] (Glaister Consulting) -- C:\duper.exe
[2009/01/18 13:28:26 | 00,000,000 | ---D | C] -- C:\Duper HTML
[2009/01/17 00:45:28 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/16 23:59:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Parents\Bureau\SmitfraudFix
[2009/01/16 23:20:40 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/01/16 22:58:54 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/01/16 22:52:25 | 00,396,288 | ---- | C] () -- C:\Documents and Settings\Parents\Mes documents\mots de pass.ppt
[2009/01/16 22:14:54 | 00,576,868 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Parents\Bureau\Navilog1.exe
[2008/12/29 12:43:23 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/28 20:52:46 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2008/12/28 20:51:51 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2008/12/26 21:44:32 | 00,000,580 | ---- | C] () -- C:\Documents and Settings\Parents\Bureau\Raccourci vers 1603478468.gif.lnk
[2008/12/25 16:56:47 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2008/12/25 16:55:25 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/25 16:54:48 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/25 16:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/25 16:51:19 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2008/12/25 16:49:33 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/25 16:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Parents\Local Settings\Application Data\Apple
[2008/12/25 16:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2008/12/25 16:47:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/18 22:25:03 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parents\Bureau\OTListIt2.exe
[2009/01/18 20:39:20 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/01/18 18:16:20 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Parents\Bureau\Spybot - Search & Destroy.lnk
[2009/01/18 17:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/01/18 10:24:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/18 10:23:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/17 19:39:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/01/17 10:50:45 | 00,291,314 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/17 07:22:31 | 00,288,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090117-105045.backup
[2009/01/17 00:41:59 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/17 00:09:02 | 00,005,166 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/01/17 00:08:56 | 00,290,796 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/01/16 22:52:25 | 00,396,288 | ---- | M] () -- C:\Documents and Settings\Parents\Mes documents\mots de pass.ppt
[2009/01/16 22:14:56 | 00,576,868 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Parents\Bureau\Navilog1.exe
[2009/01/16 20:34:59 | 00,001,382 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/16 20:34:59 | 00,000,277 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/01/16 20:34:59 | 00,000,216 | RHS- | M] () -- C:\boot.ini
[2009/01/16 20:03:35 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 13:46:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 19:33:12 | 00,179,712 | ---- | M] () -- C:\Documents and Settings\Parents\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/01 19:42:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/30 09:59:13 | 00,290,833 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090110-111130.backup
[2008/12/28 20:52:46 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2008/12/28 20:51:51 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2008/12/28 20:50:09 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\Parents\Bureau\DivX Movies.lnk
[2008/12/26 21:44:32 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Parents\Bureau\Raccourci vers 1603478468.gif.lnk
[2008/12/25 16:51:20 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2008/12/21 18:46:31 | 00,000,485 | ---- | M] () -- C:\WINDOWS\videoimp.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %SystemRoot%\Bloc-note.EXE:SummaryInformation
@Alternate Data Stream - 88 bytes -> %CommonProgramFiles%\FDEUnInstaller.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Bloc-note.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %CommonProgramFiles%\FDEUnInstaller.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>
Windows XP - with C.A antivirus
sporen
 
Posts: 11
Joined: 16 Jan 2009, 22:21

Post by nickW » 19 Jan 2009, 01:48

Good evening,

Which of your security programs are active?
CA Internet Security Suite
Kerio Personal Firewall 4
MySecurityCenter


Was it you who installed Error Nuker (currently inactive)?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by sporen » 19 Jan 2009, 21:25

Good evening,
so I have:

- C.A Security Center as antivirus
- Kerio Personal Firewall
- Spybot

No, I did not install this program. Error Nuker, I don't know it.
Windows XP - with C.A antivirus
sporen
 
Posts: 11
Joined: 16 Jan 2009, 22:21

Post by nickW » 20 Jan 2009, 00:11

Good evening,

You installed Windows Desktop Search (or it was installed automatically with SP3).
In English: http://en.wikipedia.org/wiki/Windows_Desktop_Search

File indexing may explain the PC's usage.


Have you checked the firewall logs (unknown connection requests)?


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by sporen » 21 Jan 2009, 17:33

Hello,
I'm having a bit of trouble following you!! Sorry, but I'm not very bright when it comes to the terminology... or English!

Is it mandatory to have folder indexing?
If not, how do I remove it?

As for the firewall log, I think you mean Kerio, but since I use the free version I don't have access to the whole program.

Sorry for being so bad at this, but this is where I realize I really need help.

But you haven't really told me what actually came out of the various logs I posted for you. Is there anything really important or strange in them?
Windows XP - with C.A antivirus
sporen
 
Posts: 11
Joined: 16 Jan 2009, 22:21
