Assiste.Forums

de **mortier** » 20 Jan 2009, 20:02

Bonjour, et meilleurs voeux

je pense être infecté par trojan ou autre ver, virus etc.
J'ai contacté mon FAI (Alice) suivi les instructions et j'ai toujours le même problème je tourne au ralenti.
D'après le FAI ma connexion arrive 6/7 Mega en effectuant je ne sais plus quelle manip j'ai vérifié c'est ok.Pour accéder à internet c'est long très long je pense qu'un logiciel ou infection me "bouffe" ma connection
Que faire ?

les caractéristiques du PC:
Microsoft Windows XP
Edition familiale
Version 2002
Service pack 3
AMD Athlon(tm) 64 Processor
3200+
2.01 GHz, 1,00 Go de RAM

Antivirus avast version gratuite
Ad-Aware SE Personal
et CCCleaner

Si vous pouvez m'aider je vous en remercie d'avance

j'ai fais une analyse HijackThis je vous la joins:

Logfile of HijackThis v1.99.1
Scan saved at 19:02:30, on 20/01/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

de **nickW** » 21 Jan 2009, 01:06

Bonsoir,

Tu as utilisé une version obsolète de HijackThis, et en plus il est mal installé.

Nous n'en aurons pas besoin, mais voici comment installer la dernière version:
HijackThis (de TrendMicro), installation
Télécharger HijackThis de TrendMicro depuis la page:
http://www.trendsecure.com/portal/en-US ... s/download
Cliquer sur le lien: Download HijackThis Installer
Enregistrer ce fichier sur le Bureau.

Lancer l'installation par un double clic sur HJTInstall.exe
Si elle s'affiche, lire et accepter la licence (cliquer sur le bouton I Accept)
Fermer HijackThis.

Peux-tu créer puis envoyer deux rapports (logs) détaillés:

Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser.

Étape 1: OTListIt2 (de OldTimer), téléchargement
Télécharger OTListIt2.exe depuis http://oldtimer.geekstogo.com/OTListIt2.exe
Enregistrer ce fichier sur le Bureau.

Étape 2: OTListIt2 (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTListIt2.exe pour lancer l'outil.

L'écran principal de OTListIt2 s'affiche:

Si ce n'est déjà fait, dans le paragraphe Extra Registry, cocher le bouton-radio Use SafeList

Cocher (en haut) la case située devant Scan All Users:

Puis cliquer sur le bouton Run Scan:

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTListIt2.

Étape 3: Résultats
Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTListIt2 (contenu des fichiers OTListIt.txt et Extras.txt situés sur le Bureau).
Les rapports envoyés sur le forum doivent se terminer par une ligne contenant <End>. Si ce n'est pas le cas, ils sont incomplets, et doivent alors être découpés en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"

pour continuer dans ce fil de discussion.

A suivre,

de **mortier** » 21 Jan 2009, 19:37

Bonjour et merci de répondre aussi rapidement,
j'ai effectué la manip avec OTListIt2 j'envoie donc un log par contre je ne retrouve pas le 2nd: Extras.txt j' ai utilisé la fonction "rechercher"sur quelques emplacements résultat rien!

Je vais réassayer la procédure
Merci

OTListIt logfile created on: 21/01/09 19:13:36 - Run 2
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 582,35 Mb Available Physical Memory | 56,90% Memory free
3,90 Gb Paging File | 3,22 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 76,42 Gb Free Space | 40,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/06/10 15:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2003/03/26 10:11:44 | 00,282,624 | ---- | M] ( ) -- C:\Program Files\Lexmark\Photo Card Reader\lxblksk.exe
[2005/09/14 17:15:40 | 00,080,384 | ---- | M] (TechCity Solutions France) -- C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
[2003/12/08 16:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/10/15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

File not found -- -- (Acsvcvcvnpq.50 [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
File not found -- -- (navapsvc [Auto | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
File not found -- -- (Planificateur LiveUpdate automatique [Auto | Stopped])
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2005/04/19 03:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[1999/09/10 11:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
[2004/07/20 14:19:16 | 00,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Running])
[2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2007/08/30 09:00:00 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2004/12/14 16:55:22 | 00,009,472 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
[2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2005/06/10 17:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/06/10 17:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2005/06/10 15:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/02/24 00:32:00 | 03,454,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/12/07 09:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/11/24 10:42:46 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/11/24 10:42:48 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/05 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/05 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2003/12/05 10:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/09/14 22:15:10 | 00,158,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\SymcData\ids-diskless\20071002.003\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKU\S-1-5-21-790525478-527237240-1801674531-1004\S-1-5-21-790525478-527237240-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (50834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 123spywar.com
O1 - Hosts: 0.0.0.0 www.123spywar.com
O1 - Hosts: 0.0.0.0 1clickspyclean.com
O1 - Hosts: 0.0.0.0 www.1clickspyclean.com
O1 - Hosts: 0.0.0.0 1clicksuite.net
O1 - Hosts: 0.0.0.0 www.1clicksuite.net
O1 - Hosts: 0.0.0.0 1spyware-removal.com
O1 - Hosts: 0.0.0.0 www.1spyware-removal.com
O1 - Hosts: 0.0.0.0 1spywarekiller.com
O1 - Hosts: 0.0.0.0 www.1spywarekiller.com
O1 - Hosts: 0.0.0.0 1stantivirus.com
O1 - Hosts: 0.0.0.0 www.1stantivirus.com
O1 - Hosts: 0.0.0.0 1stspywar.com
O1 - Hosts: 0.0.0.0 www.1stspywar.com
O1 - Hosts: 0.0.0.0 2-antispyware.com
O1 - Hosts: 0.0.0.0 www.2-antispyware.com
O1 - Hosts: 0.0.0.0 3bsoftware.com
O1 - Hosts: 0.0.0.0 www.3bsoftware.com
O1 - Hosts: 0.0.0.0 actualresearch.com
O1 - Hosts: 0.0.0.0 www.actualresearch.com
O1 - Hosts: 0.0.0.0 abletostop.com
O1 - Hosts: 0.0.0.0 www.abletostop.com
O1 - Hosts: 0.0.0.0 aboutblankremover.com
O1 - Hosts: 0.0.0.0 www.aboutblankremover.com
O1 - Hosts: 1735 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe ( )
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - cdo - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/11/02 00:23:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2007/07/22 14:28:29 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fce9886-c4f6-11db-b244-0013d36520eb}\Shell\Auto\command]
"" = AdobeR.exe e

========== Files/Folders - Created Within 30 Days ==========

[2009/01/21 18:59:58 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 18:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/21 12:28:28 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:50 | 00,040,782 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/19 21:59:40 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Spyware Doctor.lnk
[2009/01/19 21:59:38 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2009/01/19 21:59:38 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2009/01/19 21:59:38 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2009/01/19 21:59:38 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2009/01/19 21:59:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/01/19 21:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\PC Tools
[2009/01/15 19:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\BALBINO MEDELLIN
[2009/01/12 21:18:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/01/12 21:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/01/12 21:06:14 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Local Settings\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/12 21:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 21:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/01/12 20:53:38 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/12 20:53:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/12 20:53:35 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009/01/12 20:53:35 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009/01/12 20:53:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/01/12 20:53:35 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/01/12 20:53:34 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/12 20:53:34 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/01/12 20:53:34 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/01/12 20:53:34 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009/01/12 20:53:33 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/12 20:53:33 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/12 20:53:31 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/12 20:53:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/12 20:53:30 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/01/12 20:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Full Pack Codecs
[2009/01/12 20:29:53 | 00,352,461 | ---- | C] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/09 15:57:57 | 01,161,216 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC
[2009/01/07 20:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/01/07 20:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2009/01/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2009/01/05 18:04:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Bonardi
[2009/01/04 10:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\DivX
[2009/01/04 10:38:42 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/04 10:38:28 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/04 10:38:13 | 00,001,480 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/04 10:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2008/12/23 22:49:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Mes documents\DTE.2008
[2008/12/23 22:48:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Armand\Mes documents\tôt!

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 15:59:55 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/01/21 15:59:48 | 00,003,230 | ---- | M] () -- C:\WINDOWS\LXBLCAH.ini
[2009/01/21 15:59:41 | 00,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/21 15:59:35 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/21 15:56:20 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/21 15:55:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/21 15:54:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/21 12:28:31 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:53 | 00,040,782 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/20 22:19:52 | 01,579,098 | -H-- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\IconCache.db
[2009/01/20 21:53:08 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 22:00:46 | 01,123,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/19 22:00:46 | 00,510,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/01/19 22:00:46 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/19 22:00:46 | 00,084,818 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/01/19 22:00:46 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/19 21:59:40 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Spyware Doctor.lnk
[2009/01/17 11:21:18 | 00,000,477 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/01/16 18:18:17 | 00,045,384 | -H-- | M] () -- C:\Documents and Settings\Armand\Mes documents\ZbThumbnail.info
[2009/01/12 21:16:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/12 21:16:24 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/12 21:15:56 | 00,001,480 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/12 21:10:38 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 20:33:02 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/12 20:31:38 | 00,352,461 | ---- | M] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/12 20:19:34 | 00,000,190 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2009/01/11 11:29:49 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 16:05:27 | 01,161,216 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:SummaryInformation
@Alternate Data Stream - 114 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\install_FullPackCodecs_FR.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>

de **mortier** » 21 Jan 2009, 19:47

Re-Bonjour
toutes mes excuses j'ai du envoyer 3 fois le même message avec msg d'erreur et en actualisant il est parti ...

de **nickW** » 22 Jan 2009, 00:18

Bonsoir,

Il y a une trace d'infection.
Cette infection s'installe via des clés USB.
J'ignore si elle est active, mais il faut la nettoyer:

Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser en mode sans échec.

Flash_Disinfector (de sUBs)
Télécharger l'outil depuis l'un des deux liens ci-dessous:
http://www.techsupportforum.com/sectool ... fector.exe
http://download.bleepingcomputer.com/sU ... fector.exe
Faire un clic droit sur l'un des liens ci-dessus, puis enregistrer le fichier sur le Bureau.

Fermer absolument toutes les applications, ainsi que les navigateurs (ne pas oublier d'enregistrer tous les documents en cours de modification).

Faire un double clic sur Flash_Disinfector.exe pour lancer l'exécution de l'outil.

L'écran intitulé "Start - Flash_Disinfector" te demande de brancher ta(tes) clé(s) USB si tu en as: il faut que tu le fasses. Ensuite, cliquer sur OK.
L'affichage du Bureau va disparaître: c'est normal.

Lorsque le travail de l'outil est terminé, sur l'écran affichant "Done !!", cliquer sur OK.

Note:
S'il y a de nombreuses clés USB à désinfecter, il faut renouveler l'opération en branchant les clés non traitées une à une.

Ceci fait, une vérification à faire:

Tu as installé un fichier hosts. As-tu pensé à désactiver le service Client DNS?

Ouvrir la console de gestion des services:
Démarrer--->Exécuter
Taper services.msc puis cliquer sur OK

Descendre jusqu'à Client DNS
Faire un clic droit dessus et choisir Propriétés
Dans Statut du service, cliquer sur Arrêter (s'il n'est pas déjà arrêté)
Cliquer sur Appliquer,
Dans Type de démarrage, choisir Désactivé
Cliquer sur Appliquer, puis sur OK
Faire redémarrer le PC.

Après ces deux manips, comment se comporte le PC?

A suivre,

de **mortier** » 22 Jan 2009, 18:33

Bonsoir et merci des recommandations,

j'ai effectué la procédure et après redémarrage j'ai lancé internet sur quelques sites habituels: le temps de réponse me parait plus court.
Mais j'ai l'impression de ne pas être encore dans la grande performance il y a t-il une autre opération de nettoyage ?
Dois je changer d'antivirus (Avast version gratuite) ou tout simplement suivre les recommandations sur le site pour assurer la protection du Pc ?

Merci encore de la rapidité d'intervention

de **nickW** » 23 Jan 2009, 01:07

Bonsoir,

Primo, deux services inutiles qu'il faut désactiver:

Ouvrir la console de gestion des services:
Démarrer--->Exécuter
Taper services.msc puis cliquer sur OK

Descendre jusqu'à Service Norton AntiVirus Auto-Protect
Faire un clic droit dessus et choisir Propriétés
Dans Type de démarrage, choisir Désactivé
Cliquer sur Appliquer, puis sur OK

Faire de même avec Planificateur LiveUpdate automatique

Secundo, peux-tu créer puis envoyer deux nouveaux logs OTListIt2:
Note: J'ai mis en rouge la manip à effectuer pour avoir le second rapport. :wink:

Étape 1: OTListIt2 (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTListIt2.exe pour lancer l'outil.

L'écran principal de OTListIt2 s'affiche:

Si ce n'est déjà fait, dans le paragraphe Extra Registry, cocher le bouton-radio Use SafeList

Cocher (en haut) la case située devant Scan All Users:

Puis cliquer sur le bouton Run Scan:

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTListIt2.

Étape 2: Résultats
Envoyer en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTListIt2 (contenu des fichiers OTListIt.txt et Extras.txt situés sur le Bureau).
Les rapports envoyés sur le forum doivent se terminer par une ligne contenant <End>. Si ce n'est pas le cas, ils sont incomplets, et doivent alors être découpés en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"

pour continuer dans ce fil de discussion.

A suivre,

de **mortier** » 23 Jan 2009, 17:17

Bonjour
voilà cette fois jai les 2 rapports
Merci

OTListIt logfile created on: 23/01/09 17:12:22 - Run 6
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 680,83 Mb Available Physical Memory | 66,52% Memory free
3,90 Gb Paging File | 3,60 Gb Available in Paging File | 92,30% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 76,22 Gb Free Space | 40,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/06/10 15:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2003/03/26 10:11:44 | 00,282,624 | ---- | M] ( ) -- C:\Program Files\Lexmark\Photo Card Reader\lxblksk.exe
[2005/09/14 17:15:40 | 00,080,384 | ---- | M] (TechCity Solutions France) -- C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
[2003/12/08 16:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

File not found -- -- (Acsvcvcvnpq.50 [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
File not found -- -- (navapsvc [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
File not found -- -- (Planificateur LiveUpdate automatique [Disabled | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2005/04/19 03:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[1999/09/10 11:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
[2004/07/20 14:19:16 | 00,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Running])
[2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2007/08/30 09:00:00 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2004/12/14 16:55:22 | 00,009,472 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
[2005/06/10 17:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/06/10 17:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2005/06/10 15:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/02/24 00:32:00 | 03,454,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/12/07 09:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/11/24 10:42:46 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/11/24 10:42:48 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/05 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/05 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2003/12/05 10:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/09/14 22:15:10 | 00,158,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\SymcData\ids-diskless\20071002.003\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKU\S-1-5-21-790525478-527237240-1801674531-1004\S-1-5-21-790525478-527237240-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (50834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 123spywar.com
O1 - Hosts: 0.0.0.0 www.123spywar.com
O1 - Hosts: 0.0.0.0 1clickspyclean.com
O1 - Hosts: 0.0.0.0 www.1clickspyclean.com
O1 - Hosts: 0.0.0.0 1clicksuite.net
O1 - Hosts: 0.0.0.0 www.1clicksuite.net
O1 - Hosts: 0.0.0.0 1spyware-removal.com
O1 - Hosts: 0.0.0.0 www.1spyware-removal.com
O1 - Hosts: 0.0.0.0 1spywarekiller.com
O1 - Hosts: 0.0.0.0 www.1spywarekiller.com
O1 - Hosts: 0.0.0.0 1stantivirus.com
O1 - Hosts: 0.0.0.0 www.1stantivirus.com
O1 - Hosts: 0.0.0.0 1stspywar.com
O1 - Hosts: 0.0.0.0 www.1stspywar.com
O1 - Hosts: 0.0.0.0 2-antispyware.com
O1 - Hosts: 0.0.0.0 www.2-antispyware.com
O1 - Hosts: 0.0.0.0 3bsoftware.com
O1 - Hosts: 0.0.0.0 www.3bsoftware.com
O1 - Hosts: 0.0.0.0 actualresearch.com
O1 - Hosts: 0.0.0.0 www.actualresearch.com
O1 - Hosts: 0.0.0.0 abletostop.com
O1 - Hosts: 0.0.0.0 www.abletostop.com
O1 - Hosts: 0.0.0.0 aboutblankremover.com
O1 - Hosts: 0.0.0.0 www.aboutblankremover.com
O1 - Hosts: 1735 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe ( )
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - cdo - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/11/02 00:23:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2007/07/22 14:28:29 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

Autorun.exe [MZ | ]
[2006/10/13 13:50:51 | 03,834,762 | R--- | M] (Macromedia, Inc.) -- E:\Autorun.exe -- [ CDFS ]

autorun.inf [[autorun] | open=autorun.exe | icon=AOE.ICO | ]
[2006/10/17 16:24:41 | 00,000,041 | RH-- | M] () -- E:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fce9886-c4f6-11db-b244-0013d36520eb}\Shell\Auto\command]
"" = AdobeR.exe e

========== Files/Folders - Created Within 30 Days ==========

[2009/01/23 16:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Virus
[2009/01/22 17:37:50 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Flash_Disinfector.exe
[2009/01/21 20:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Martin Scorsese Presents The Blues_7 CD Box (2003)
[2009/01/21 18:59:58 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 18:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/21 12:28:28 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:50 | 00,040,782 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/15 19:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\BALBINO MEDELLIN
[2009/01/12 21:18:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/01/12 21:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/01/12 21:06:14 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Local Settings\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/12 21:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 21:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/01/12 20:53:38 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/12 20:53:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/12 20:53:35 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009/01/12 20:53:35 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009/01/12 20:53:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/01/12 20:53:35 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/01/12 20:53:34 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/12 20:53:34 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/01/12 20:53:34 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/01/12 20:53:34 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009/01/12 20:53:33 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/12 20:53:33 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/12 20:53:31 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/12 20:53:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/12 20:53:30 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/01/12 20:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Full Pack Codecs
[2009/01/12 20:29:53 | 00,352,461 | ---- | C] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/09 15:57:57 | 01,161,216 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC
[2009/01/07 20:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/01/07 20:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2009/01/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2009/01/05 18:04:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Bonardi
[2009/01/04 10:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\DivX
[2009/01/04 10:38:42 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/04 10:38:28 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/04 10:38:13 | 00,001,480 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/04 10:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/23 17:03:15 | 00,000,480 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/01/23 13:36:01 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/01/23 13:35:55 | 00,003,230 | ---- | M] () -- C:\WINDOWS\LXBLCAH.ini
[2009/01/23 13:35:54 | 00,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/23 13:35:54 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/23 13:31:47 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/23 13:30:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/23 13:30:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/22 23:00:33 | 02,111,074 | -H-- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\IconCache.db
[2009/01/22 20:27:28 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/22 18:52:40 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 17:37:50 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Flash_Disinfector.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 12:28:31 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:53 | 00,040,782 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/19 22:00:46 | 01,123,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/19 22:00:46 | 00,510,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/01/19 22:00:46 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/19 22:00:46 | 00,084,818 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/01/19 22:00:46 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:17 | 00,045,384 | -H-- | M] () -- C:\Documents and Settings\Armand\Mes documents\ZbThumbnail.info
[2009/01/12 21:16:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/12 21:16:24 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/12 21:15:56 | 00,001,480 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/12 21:10:38 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 20:33:02 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/12 20:31:38 | 00,352,461 | ---- | M] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/12 20:19:34 | 00,000,190 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2009/01/11 11:29:49 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 16:05:27 | 01,161,216 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:SummaryInformation
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Flash_Disinfector.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\install_FullPackCodecs_FR.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>

de **mortier** » 23 Jan 2009, 17:19

Bonjour
voilà cette fois jai les 2 rapports
Merci

OTListIt logfile created on: 23/01/09 17:12:22 - Run 6
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 680,83 Mb Available Physical Memory | 66,52% Memory free
3,90 Gb Paging File | 3,60 Gb Available in Paging File | 92,30% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 76,22 Gb Free Space | 40,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/06/10 15:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2003/03/26 10:11:44 | 00,282,624 | ---- | M] ( ) -- C:\Program Files\Lexmark\Photo Card Reader\lxblksk.exe
[2005/09/14 17:15:40 | 00,080,384 | ---- | M] (TechCity Solutions France) -- C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
[2003/12/08 16:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

File not found -- -- (Acsvcvcvnpq.50 [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
File not found -- -- (navapsvc [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
File not found -- -- (Planificateur LiveUpdate automatique [Disabled | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2005/04/19 03:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[1999/09/10 11:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
[2004/07/20 14:19:16 | 00,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Running])
[2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2007/08/30 09:00:00 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2004/12/14 16:55:22 | 00,009,472 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
[2005/06/10 17:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/06/10 17:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2005/06/10 15:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/02/24 00:32:00 | 03,454,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/12/07 09:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/11/24 10:42:46 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/11/24 10:42:48 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/05 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/05 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2003/12/05 10:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/09/14 22:15:10 | 00,158,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\SymcData\ids-diskless\20071002.003\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKU\S-1-5-21-790525478-527237240-1801674531-1004\S-1-5-21-790525478-527237240-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (50834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 123spywar.com
O1 - Hosts: 0.0.0.0 www.123spywar.com
O1 - Hosts: 0.0.0.0 1clickspyclean.com
O1 - Hosts: 0.0.0.0 www.1clickspyclean.com
O1 - Hosts: 0.0.0.0 1clicksuite.net
O1 - Hosts: 0.0.0.0 www.1clicksuite.net
O1 - Hosts: 0.0.0.0 1spyware-removal.com
O1 - Hosts: 0.0.0.0 www.1spyware-removal.com
O1 - Hosts: 0.0.0.0 1spywarekiller.com
O1 - Hosts: 0.0.0.0 www.1spywarekiller.com
O1 - Hosts: 0.0.0.0 1stantivirus.com
O1 - Hosts: 0.0.0.0 www.1stantivirus.com
O1 - Hosts: 0.0.0.0 1stspywar.com
O1 - Hosts: 0.0.0.0 www.1stspywar.com
O1 - Hosts: 0.0.0.0 2-antispyware.com
O1 - Hosts: 0.0.0.0 www.2-antispyware.com
O1 - Hosts: 0.0.0.0 3bsoftware.com
O1 - Hosts: 0.0.0.0 www.3bsoftware.com
O1 - Hosts: 0.0.0.0 actualresearch.com
O1 - Hosts: 0.0.0.0 www.actualresearch.com
O1 - Hosts: 0.0.0.0 abletostop.com
O1 - Hosts: 0.0.0.0 www.abletostop.com
O1 - Hosts: 0.0.0.0 aboutblankremover.com
O1 - Hosts: 0.0.0.0 www.aboutblankremover.com
O1 - Hosts: 1735 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe ( )
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - cdo - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/11/02 00:23:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2007/07/22 14:28:29 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

Autorun.exe [MZ | ]
[2006/10/13 13:50:51 | 03,834,762 | R--- | M] (Macromedia, Inc.) -- E:\Autorun.exe -- [ CDFS ]

autorun.inf [[autorun] | open=autorun.exe | icon=AOE.ICO | ]
[2006/10/17 16:24:41 | 00,000,041 | RH-- | M] () -- E:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fce9886-c4f6-11db-b244-0013d36520eb}\Shell\Auto\command]
"" = AdobeR.exe e

========== Files/Folders - Created Within 30 Days ==========

[2009/01/23 16:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Virus
[2009/01/22 17:37:50 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Flash_Disinfector.exe
[2009/01/21 20:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Martin Scorsese Presents The Blues_7 CD Box (2003)
[2009/01/21 18:59:58 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 18:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/21 12:28:28 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:50 | 00,040,782 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/15 19:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\BALBINO MEDELLIN
[2009/01/12 21:18:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/01/12 21:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/01/12 21:06:14 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Local Settings\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/12 21:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 21:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/01/12 20:53:38 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/12 20:53:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/12 20:53:35 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009/01/12 20:53:35 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009/01/12 20:53:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/01/12 20:53:35 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/01/12 20:53:34 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/12 20:53:34 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/01/12 20:53:34 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/01/12 20:53:34 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009/01/12 20:53:33 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/12 20:53:33 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/12 20:53:31 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/12 20:53:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/12 20:53:30 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/01/12 20:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Full Pack Codecs
[2009/01/12 20:29:53 | 00,352,461 | ---- | C] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/09 15:57:57 | 01,161,216 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC
[2009/01/07 20:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/01/07 20:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2009/01/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2009/01/05 18:04:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Bonardi
[2009/01/04 10:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\DivX
[2009/01/04 10:38:42 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/04 10:38:28 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/04 10:38:13 | 00,001,480 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/04 10:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/23 17:03:15 | 00,000,480 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/01/23 13:36:01 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/01/23 13:35:55 | 00,003,230 | ---- | M] () -- C:\WINDOWS\LXBLCAH.ini
[2009/01/23 13:35:54 | 00,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/23 13:35:54 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/23 13:31:47 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/23 13:30:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/23 13:30:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/22 23:00:33 | 02,111,074 | -H-- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\IconCache.db
[2009/01/22 20:27:28 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/22 18:52:40 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 17:37:50 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Flash_Disinfector.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 12:28:31 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:53 | 00,040,782 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/19 22:00:46 | 01,123,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/19 22:00:46 | 00,510,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/01/19 22:00:46 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/19 22:00:46 | 00,084,818 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/01/19 22:00:46 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:17 | 00,045,384 | -H-- | M] () -- C:\Documents and Settings\Armand\Mes documents\ZbThumbnail.info
[2009/01/12 21:16:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/12 21:16:24 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/12 21:15:56 | 00,001,480 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/12 21:10:38 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 20:33:02 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/12 20:31:38 | 00,352,461 | ---- | M] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/12 20:19:34 | 00,000,190 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2009/01/11 11:29:49 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 16:05:27 | 01,161,216 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:SummaryInformation
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Flash_Disinfector.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\install_FullPackCodecs_FR.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>

de **mortier** » 23 Jan 2009, 17:31

Re-Bonjour
2nd log: Extras

J'ai oublié de signaler un détail qui est certainement important depuis un peu plus d'un mois les titres des fichiers (audio,vidéo, images...dans Mes documents) changent de couleurs c.à.d. la couleur de police automatique est noire, depuis progressivement les polices deviennent bleues ?! au début un ou deux titres et depuis comme une épidémie ils changent de couleurs sans avoir changer aucun paramètre

Merci

OTListIt Extras logfile created on: 23/01/09 17:12:23 - Run 6
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 680,83 Mb Available Physical Memory | 66,52% Memory free
3,90 Gb Paging File | 3,60 Gb Available in Paging File | 92,30% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 76,22 Gb Free Space | 40,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2008/10/15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
File not found -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/11/15 20:33:43 | 05,537,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires
[2006/10/18 17:33:19 | 06,737,965 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II
[2001/06/15 22:37:34 | 06,877,229 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Disabled:Age of Empires II Expansion
[2008/08/01 18:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client
[2008/02/20 09:30:50 | 00,147,456 | ---- | M] (IPortent) -- C:\Program Files\Zapu\Zapu\wDivi.exe:*:Disabled:Zapu Control
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{97034E1C-B178-4B5E-A1C4-203E225CC6FF}" = SanagaPlayer
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 3.13
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion
"AliceSAV" = Alice Auto-diagnostic
"Atlas mondial Encarta 2.0" = Atlas Mondial Microsoft Encarta
"avast!" = avast! Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"CD-reef version S118 (édition 1999.4)" = CD-reef version S118 (édition 1999.4)
"CSCLIB" = Canon Camera Support Core Library
"Dicobat version 1.1" = Dicobat version 1.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"foobar2000" = foobar2000
"Full Pack" = Full Pack Codecs
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Centre d'imagerie Lexmark
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.4 (Full) BETA
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Lexmark Z700-P700 Series Photo Card Reader V3.00" = Lexmark Z700-P700 Series Photo Card Reader
"MediaInfo" = MediaInfo 0.7.5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Solitude for Windows" = Solitude for Windows
"Stellarium_is1" = Stellarium 0.8.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLibre_is1" = WinLibre
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 18/10/07 20:15:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Z:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 30/12/07 13:17:44 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "E:\" area failed with 00000015 error (function avfilesScanReal
failed).

Error - 01/02/08 15:40:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Y:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 01/02/08 15:40:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Z:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 07/04/08 01:17:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 12/12/08 15:06:46 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 15:36:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 16:06:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 16:36:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

[ Application Events ]
Error - 03/01/09 12:33:02 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 06/01/09 12:20:00 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/01/09 14:58:08 | Computer Name = MORTIER | Source = MsiInstaller | ID = 11704
Description = Produit : OpenOffice.org Installer 1.0 -- Erreur 1704.L'installation
de Microsoft Office XP Professional est actuellement interrompue. Vous devez annuler
les modifications apportées par cette installation pour continuer. Voulez-vous
annuler les modifications ?

Error - 07/01/09 14:58:57 | Computer Name = MORTIER | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office XP Professional -- Erreur 1706. Le programme
d'installation ne peut pas trouver les fichiers requis. Vérifiez votre connexion
au réseau ou votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème,
consultez C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.

Error - 07/01/09 16:20:27 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante emule.exe, version 0.49.1.27, module défaillant
emule.exe, version 0.49.1.27, adresse de défaillance 0x0020523d.

Error - 10/01/09 07:31:47 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.2627.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/01/09 15:17:49 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante sanagaplayer.exe, version 1.0.0.1, module
défaillant sanaga~1.ocx, version 1.0.0.1, adresse de défaillance 0x00001df3.

Error - 15/01/09 03:46:58 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/01/09 04:15:36 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/01/09 04:54:24 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 22/01/09 11:05:17 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 22/01/09 12:59:02 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 22/01/09 12:59:02 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 06:32:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 06:32:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 08:31:01 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 08:31:01 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\DivX\DivX
Converter\Microsoft.VC80.MFC\MFC80U.DLL. Message d'erreur de référence : Opération
réussie. .

<End>

Assiste.Forums

difficultés avec internet demande d'aide et analyse log

difficultés avec internet demande d'aide et analyse log

OTListIt.txt

excuses

Manip effectuées

Qui est en ligne