Internet difficulties: request for help and log analysis


Post by nickW » 24 Jan 2009, 22:07

Good evening,

There are still active components belonging to Symantec (Norton).
I think you tried to uninstall it, but the removal is incomplete.
Can you use this utility (provided by Symantec) to complete the uninstallation:
Download and run the Norton removal tool


Next cleaning steps:

Step 1: Uninstallation
Start-->Settings-->Control Panel-->Add/Remove Programs
Find and uninstall (if present) eoRezo


Step 2: OTMoveIt3 (by OldTimer)
Download OTMoveIt3 by right-clicking the link below:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Save the file to the Desktop.

Open a Notepad window via Start---->Run, type notepad, then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code:
rien
:Processes
explorer.exe

:Reg
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fce9886-c4f6-11db-b244-0013d36520eb}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}"=-

:Commands
[start explorer]
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name OTMI-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: mortier.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.


Step 4: OTMoveIt3 (by OldTimer)
Double-click OTMoveIt3.exe to launch the tool.
Open the file OTMI-1.txt in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved" and choose Paste.

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A restart is sometimes necessary. If it is requested, click Oui/Yes


Step 5: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 6: OTListIt2 (by OldTimer)
Close all open program windows.

Double-click OTListIt2.exe to launch the tool.

The main OTListIt2 screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTListIt2 window.


Step 7: Results
Send in reply:
*- the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive stands for the partition from which OTMoveIt3 was launched, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTListIt2 report (contents of the file OTListIt2.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button
to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
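The following is an added example, not part of nickW's post and not OTMoveIt3's own code: a small reviewer that lists what the fix script above would do before it is pasted into the tool, and flags lines that no longer parse, which is the symptom of the Notepad word-wrap problem the post warns about. It assumes the :Reg section follows regedit (.reg) conventions, where `[-KEY]` deletes a key and `"name"=-` deletes a value; the function names are hypothetical.

```python
import re

# Fix script copied from the block under "Code:" in the post above.
FIX_SCRIPT = r"""rien
:Processes
explorer.exe

:Reg
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fce9886-c4f6-11db-b244-0013d36520eb}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}"=-

:Commands
[start explorer]
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)$")
# Assumption: the :Reg section uses regedit (.reg) conventions.
KEY = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
VALUE = re.compile(r'^(@|"[^"]+")=(.*)$')


def split_sections(text):
    """Return {section: [non-empty lines]}. Lines that appear before the
    first ':Section' header are collected under the key None."""
    sections, current = {None: []}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def reg_actions(lines):
    """Turn :Reg lines into (operation, key, value_name) tuples.
    Lines that are neither a key header nor a value assignment are
    reported as problems instead of being silently skipped."""
    actions, problems, open_key = [], [], None
    for line in lines:
        key = KEY.match(line)
        value = VALUE.match(line)
        if key:
            if key.group(1):            # leading '-' : whole key is deleted
                actions.append(("delete_key", key.group(2), None))
                open_key = None
            else:                       # plain header: following values apply here
                open_key = key.group(2)
        elif value:
            if open_key is None:
                problems.append("value without an open key: " + line)
                continue
            name = value.group(1).strip('"')
            op = "delete_value" if value.group(2) == "-" else "set_value"
            actions.append((op, open_key, name))
        else:
            problems.append("unparsable line (wrapped by the editor?): " + line)
    return actions, problems


def review(text):
    """Summarise a fix script so a human can read it before running it."""
    sections = split_sections(text)
    registry, problems = reg_actions(sections.get("Reg", []))
    return {
        "ignored_preamble": sections[None],
        "killed_processes": sections.get("Processes", []),
        "registry": registry,
        "commands": [c.strip("[]") for c in sections.get("Commands", [])],
        "problems": problems,
    }


if __name__ == "__main__":
    for field, content in review(FIX_SCRIPT).items():
        print(field, "->", content)
```
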

Post by mortier » 25 Jan 2009, 01:57

Hello,
before sending the logs I'd like to point out that the internet seems to be running faster, "like before"
you didn't answer about the file fonts that change colour; is there an explanation?

OTListIt logfile created on: 25/01/09 01:47:50 - Run 7
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 697,28 Mb Available Physical Memory | 68,13% Memory free
3,90 Gb Paging File | 3,62 Gb Available in Paging File | 92,79% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 75,74 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 983,72 Mb Total Space | 585,98 Mb Free Space | 59,57% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2005/06/10 15:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2003/03/26 10:11:44 | 00,282,624 | ---- | M] ( ) -- C:\Program Files\Lexmark\Photo Card Reader\lxblksk.exe
[2005/09/14 17:15:40 | 00,080,384 | ---- | M] (TechCity Solutions France) -- C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
[2003/12/08 16:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

File not found -- -- (Acsvcvcvnpq.50 [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
File not found -- -- (Planificateur LiveUpdate automatique [Disabled | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2005/04/19 03:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[1999/09/10 11:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
[2004/07/20 14:19:16 | 00,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Running])
[2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2004/12/14 16:55:22 | 00,009,472 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
[2005/06/10 17:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/06/10 17:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2005/06/10 15:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/02/24 00:32:00 | 03,454,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/12/07 09:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/11/24 10:42:46 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/11/24 10:42:48 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/05 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/05 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2003/12/05 10:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKU\S-1-5-21-790525478-527237240-1801674531-1004\S-1-5-21-790525478-527237240-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (50834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 123spywar.com
O1 - Hosts: 0.0.0.0 www.123spywar.com
O1 - Hosts: 0.0.0.0 1clickspyclean.com
O1 - Hosts: 0.0.0.0 www.1clickspyclean.com
O1 - Hosts: 0.0.0.0 1clicksuite.net
O1 - Hosts: 0.0.0.0 www.1clicksuite.net
O1 - Hosts: 0.0.0.0 1spyware-removal.com
O1 - Hosts: 0.0.0.0 www.1spyware-removal.com
O1 - Hosts: 0.0.0.0 1spywarekiller.com
O1 - Hosts: 0.0.0.0 www.1spywarekiller.com
O1 - Hosts: 0.0.0.0 1stantivirus.com
O1 - Hosts: 0.0.0.0 www.1stantivirus.com
O1 - Hosts: 0.0.0.0 1stspywar.com
O1 - Hosts: 0.0.0.0 www.1stspywar.com
O1 - Hosts: 0.0.0.0 2-antispyware.com
O1 - Hosts: 0.0.0.0 www.2-antispyware.com
O1 - Hosts: 0.0.0.0 3bsoftware.com
O1 - Hosts: 0.0.0.0 www.3bsoftware.com
O1 - Hosts: 0.0.0.0 actualresearch.com
O1 - Hosts: 0.0.0.0 www.actualresearch.com
O1 - Hosts: 0.0.0.0 abletostop.com
O1 - Hosts: 0.0.0.0 www.abletostop.com
O1 - Hosts: 0.0.0.0 aboutblankremover.com
O1 - Hosts: 0.0.0.0 www.aboutblankremover.com
O1 - Hosts: 1735 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe ( )
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - cdo - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/11/02 00:23:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2007/07/22 14:28:29 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

autorun.inf []
[2009/01/22 17:46:18 00,000,000 | RHSD | M] -- H:\autorun.inf -- [ FAT ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/25 01:39:19 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/25 01:27:41 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTMoveIt3.exe
[2009/01/25 01:20:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/01/25 01:18:55 | 02,404,352 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Norton_Removal_Tool.exe
[2009/01/23 16:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Virus
[2009/01/22 17:37:50 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Flash_Disinfector.exe
[2009/01/21 20:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Martin Scorsese Presents The Blues_7 CD Box (2003)
[2009/01/21 18:59:58 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 18:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/21 12:28:28 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:50 | 00,040,782 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/15 19:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\BALBINO MEDELLIN
[2009/01/12 21:18:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/01/12 21:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/01/12 21:06:14 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Local Settings\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/12 21:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 21:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/01/12 20:53:38 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/12 20:53:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/12 20:53:35 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009/01/12 20:53:35 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009/01/12 20:53:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/01/12 20:53:35 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/01/12 20:53:34 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/12 20:53:34 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/01/12 20:53:34 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/01/12 20:53:34 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009/01/12 20:53:33 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/12 20:53:33 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/12 20:53:31 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/12 20:53:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/12 20:53:30 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/01/12 20:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Full Pack Codecs
[2009/01/12 20:29:53 | 00,352,461 | ---- | C] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/09 15:57:57 | 01,161,216 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC
[2009/01/07 20:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/01/07 20:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2009/01/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2009/01/05 18:04:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Bonardi
[2009/01/04 10:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\DivX
[2009/01/04 10:38:42 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/04 10:38:28 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/04 10:38:13 | 00,001,480 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/04 10:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/25 01:42:46 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/01/25 01:42:36 | 00,003,230 | ---- | M] () -- C:\WINDOWS\LXBLCAH.ini
[2009/01/25 01:42:35 | 00,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/25 01:42:16 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/25 01:41:56 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/25 01:41:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/25 01:41:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/25 01:27:41 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTMoveIt3.exe
[2009/01/25 01:18:55 | 02,404,352 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Norton_Removal_Tool.exe
[2009/01/25 01:14:49 | 00,000,480 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/01/24 10:52:06 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/24 02:01:36 | 01,578,210 | -H-- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\IconCache.db
[2009/01/23 23:40:30 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\CCleaner.lnk
[2009/01/22 20:27:28 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/22 17:37:50 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Flash_Disinfector.exe
[2009/01/21 19:00:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/21 18:16:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\HijackThis.lnk
[2009/01/21 12:28:31 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-004CINQ.xls
[2009/01/21 12:26:53 | 00,040,782 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/19 22:00:46 | 01,123,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/19 22:00:46 | 00,510,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/01/19 22:00:46 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/19 22:00:46 | 00,084,818 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/01/19 22:00:46 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:17 | 00,045,384 | -H-- | M] () -- C:\Documents and Settings\Armand\Mes documents\ZbThumbnail.info
[2009/01/12 21:16:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/12 21:16:24 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/12 21:15:56 | 00,001,480 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/12 21:10:38 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 20:33:02 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/12 20:31:38 | 00,352,461 | ---- | M] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/12 20:19:34 | 00,000,190 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2009/01/11 11:29:49 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 16:05:27 | 01,161,216 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:SummaryInformation
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Flash_Disinfector.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\install_FullPackCodecs_FR.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>
Morty
mortier

Posts: 27
Joined: 14 Jul 2007, 10:02
Location: 84700-Sorgues

Post by mortier » 25 Jan 2009, 01:59

Good evening again,
2nd log

and thank you
OTListIt Extras logfile created on: 25/01/09 01:47:50 - Run 7
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 697,28 Mb Available Physical Memory | 68,13% Memory free
3,90 Gb Paging File | 3,62 Gb Available in Paging File | 92,79% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 75,74 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 983,72 Mb Total Space | 585,98 Mb Free Space | 59,57% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2008/10/15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
File not found -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/11/15 20:33:43 | 05,537,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires
[2006/10/18 17:33:19 | 06,737,965 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II
[2001/06/15 22:37:34 | 06,877,229 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Disabled:Age of Empires II Expansion
[2008/08/01 18:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client
[2008/02/20 09:30:50 | 00,147,456 | ---- | M] (IPortent) -- C:\Program Files\Zapu\Zapu\wDivi.exe:*:Disabled:Zapu Control
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
File not found -- C:\Documents and Settings\Armand\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{97034E1C-B178-4B5E-A1C4-203E225CC6FF}" = SanagaPlayer
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 3.13
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion
"AliceSAV" = Alice Auto-diagnostic
"Atlas mondial Encarta 2.0" = Atlas Mondial Microsoft Encarta
"avast!" = avast! Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"CD-reef version S118 (édition 1999.4)" = CD-reef version S118 (édition 1999.4)
"CSCLIB" = Canon Camera Support Core Library
"Dicobat version 1.1" = Dicobat version 1.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"foobar2000" = foobar2000
"Full Pack" = Full Pack Codecs
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Centre d'imagerie Lexmark
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.4 (Full) BETA
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Lexmark Z700-P700 Series Photo Card Reader V3.00" = Lexmark Z700-P700 Series Photo Card Reader
"MediaInfo" = MediaInfo 0.7.5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Solitude for Windows" = Solitude for Windows
"Stellarium_is1" = Stellarium 0.8.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLibre_is1" = WinLibre
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 18/10/07 20:15:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Z:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 30/12/07 13:17:44 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "E:\" area failed with 00000015 error (function avfilesScanReal
failed).

Error - 01/02/08 15:40:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Y:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 01/02/08 15:40:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Z:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 07/04/08 01:17:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 12/12/08 15:06:46 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 15:36:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 16:06:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 16:36:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

[ Application Events ]
Error - 07/01/09 16:20:27 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante emule.exe, version 0.49.1.27, module défaillant
emule.exe, version 0.49.1.27, adresse de défaillance 0x0020523d.

Error - 10/01/09 07:31:47 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.2627.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/01/09 15:17:49 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante sanagaplayer.exe, version 1.0.0.1, module
défaillant sanaga~1.ocx, version 1.0.0.1, adresse de défaillance 0x00001df3.

Error - 15/01/09 03:46:58 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/01/09 04:15:36 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/01/09 04:54:24 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 09:28:27 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 09:28:42 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.5.4.2165, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 17:14:03 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 20:09:50 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.2627.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 22/01/09 11:05:17 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 22/01/09 12:59:02 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 22/01/09 12:59:02 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 06:32:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 06:32:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 08:31:01 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 08:31:01 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\DivX\DivX
Converter\Microsoft.VC80.MFC\MFC80U.DLL. Message d'erreur de référence : Opération
réussie. .


<End>
Morty

Post by mortier » 25 Jan 2009, 02:05

OTListIt Extras logfile created on: 25/01/09 01:47:50 - Run 7
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 697,28 Mb Available Physical Memory | 68,13% Memory free
3,90 Gb Paging File | 3,62 Gb Available in Paging File | 92,79% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 75,74 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 983,72 Mb Total Space | 585,98 Mb Free Space | 59,57% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2008/10/15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
File not found -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/11/15 20:33:43 | 05,537,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires
[2006/10/18 17:33:19 | 06,737,965 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II
[2001/06/15 22:37:34 | 06,877,229 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Disabled:Age of Empires II Expansion
[2008/08/01 18:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client
[2008/02/20 09:30:50 | 00,147,456 | ---- | M] (IPortent) -- C:\Program Files\Zapu\Zapu\wDivi.exe:*:Disabled:Zapu Control
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
File not found -- C:\Documents and Settings\Armand\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{97034E1C-B178-4B5E-A1C4-203E225CC6FF}" = SanagaPlayer
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 3.13
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion
"AliceSAV" = Alice Auto-diagnostic
"Atlas mondial Encarta 2.0" = Atlas Mondial Microsoft Encarta
"avast!" = avast! Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"CD-reef version S118 (édition 1999.4)" = CD-reef version S118 (édition 1999.4)
"CSCLIB" = Canon Camera Support Core Library
"Dicobat version 1.1" = Dicobat version 1.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"foobar2000" = foobar2000
"Full Pack" = Full Pack Codecs
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Centre d'imagerie Lexmark
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.4 (Full) BETA
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Lexmark Z700-P700 Series Photo Card Reader V3.00" = Lexmark Z700-P700 Series Photo Card Reader
"MediaInfo" = MediaInfo 0.7.5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Solitude for Windows" = Solitude for Windows
"Stellarium_is1" = Stellarium 0.8.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLibre_is1" = WinLibre
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 18/10/07 20:15:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Z:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 30/12/07 13:17:44 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "E:\" area failed with 00000015 error (function avfilesScanReal
failed).

Error - 01/02/08 15:40:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Y:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 01/02/08 15:40:35 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Scan of "Z:\" area failed with 00000003 error (function avfilesScanReal
failed).

Error - 07/04/08 01:17:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 12/12/08 15:06:46 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 15:36:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 16:06:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

Error - 12/12/08 16:36:47 | Computer Name = MORTIER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\075927282ce89a5c78a9e45d2662ba68\BIT1C.tmp
failed, 00000026.

[ Application Events ]
Error - 07/01/09 16:20:27 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante emule.exe, version 0.49.1.27, module défaillant
emule.exe, version 0.49.1.27, adresse de défaillance 0x0020523d.

Error - 10/01/09 07:31:47 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.2627.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/01/09 15:17:49 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante sanagaplayer.exe, version 1.0.0.1, module
défaillant sanaga~1.ocx, version 1.0.0.1, adresse de défaillance 0x00001df3.

Error - 15/01/09 03:46:58 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/01/09 04:15:36 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/01/09 04:54:24 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 09:28:27 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 09:28:42 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.5.4.2165, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 17:14:03 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/01/09 20:09:50 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.2627.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 22/01/09 11:05:17 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 22/01/09 12:59:02 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 22/01/09 12:59:02 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 06:32:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 06:32:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 08:31:01 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Service Norton AntiVirus Auto-Protect n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 08:31:01 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.

Hello, it's me again, I forgot this report: OTMoveIt3

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 23/01/09 11:25:45 | Computer Name = MORTIER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\DivX\DivX
Converter\Microsoft.VC80.MFC\MFC80U.DLL. Message d'erreur de référence : Opération
réussie. .


<End>
Morty
mortier
 
Posts: 27
Joined: 14 Jul 2007, 10:02
Location: 84700-Sorgues

Post by nickW » 26 Jan 2009, 01:14

Good evening,

The folders/files are displayed in blue because they are "compressed".

To check:
Right-click the folder/file, choose Properties, then click the Advanced button.
The box in front of "Compress contents to save disk space" should be ticked.


You did not send the OTMoveIt3 report!


If the PC no longer shows any symptoms of infection, here is some additional advice (hardening & optimisation) to apply:


Important advice:
You need to create a new system restore point.
After cleaning the PC, you need to empty the files stored in the System Restore folders, then create a new restore point that will be usable if a problem occurs.
Method:
Disable System Restore, re-enable System Restore, then create a new restore point.
Detailed explanations:
http://assiste.com.free.fr/p/comment/co ... ation.html


Advice:
Avast! is no longer a good antivirus (at least in its free version)!
The Avira Antivir Personal antivirus software is currently much more "responsive" to new malware than avast!
A French version is available.
See:
http://assiste.com.free.fr/p/logitheque/antivir.html
http://www.free-av.com/en/products/1/av ... virus.html
Download: http://www.free-av.com/en/download/download_servers.php
Also read this article by Malekal_morte
Presentation on libellules.ch: http://www.libellules.ch/tuto_antivir.php


Important advice:
You need to install a real firewall.
See HERE and HERE.
Remember to completely disable the Windows XP one (including in the services).


Important advice:
Uninstall all obsolete versions of Sun Java, whose vulnerabilities are used by "malicious actors".

JavaRa (by Fred de Vries and Paul McLain)
Download JavaRa from this page: http://raproducts.org/
(In the JavaRa article, click Download Windows Binary (.zip file)).
Save the JavaRa.zip file to the Desktop.
Create a new folder named JavaRa and extract the whole archive into it (right-click, then Extract All).
Open the JavaRa folder, then double-click JavaRa.exe to launch the tool.

Under "Select the language of your choice below", choose Français (via the drop-down list) and click the Select button.

Click the "Effacer les anciennes versions" (remove the old versions) button and confirm this choice by clicking "Oui" ("Êtes-vous sûr de vouloir poursuivre?", i.e. "Are you sure you want to continue?").

Click OK twice.
A report will be displayed in Notepad. Close Notepad.
Close JavaRa.


Important advice:
Ban the use of illicit P2P!
eMule is the antithesis of security (© Jim Rakoto).


Advice:
It is preferable to delete OTListIt2 (downloaded file OTListIt2.exe and result files OTListIt.txt and Extras.txt located on the Desktop).
It is preferable to delete Flash_Disinfector (downloaded file Flash_Disinfector.exe).
It is preferable to delete OTMoveIt3 (downloaded file OTMoveIt3.exe located on the Desktop and working file OTMI-$.txt).
Note: The Drive\_OTMoveIt folder contains backups. Once you have checked that all the software on the PC works correctly, this folder can be deleted.
It is preferable to delete JavaRa (downloaded file JavaRa.zip, JavaRa folder and result file SystemDrive\JavaRa.log)
Empty the quarantines of the antivirus and the anti-spyware.



And there you have it.

Cheers,

PS:
If you consider this topic closed, can you put [OK] in front of the title of the first message. See HERE.
Thanks.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
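
The advice above to remove obsolete Sun Java versions can be checked against the "Uninstall List" section of an OTListIt2 log such as the one posted earlier in this thread, which lists several Java 6 updates side by side. The Python sketch below is an added example, not part of the original posts or of OTListIt2 or JavaRa; its function names are hypothetical, the sample is an excerpt in the log's format with one constructed line, and it assumes the highest update number of a major version is the one to keep.

```python
import re
from collections import defaultdict

# Excerpt in the format of the OTListIt2 log posted in this thread.
# The last entry is constructed: it sits outside the Uninstall List section
# and must therefore be ignored by the parser.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"7-Zip" = 7-Zip 3.13
"eMule" = eMule

========== Last 10 Event Log Errors ==========

"constructed-entry" = Java(TM) 6 Update 99
'''

# "========== Section name ==========" banner lines
SECTION_RE = re.compile(r"^={5,}\s*(.+?)\s*={5,}$")
# "<uninstall key>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*)$')
# Both display-name variants seen in the log:
#   Java(TM) 6 Update 11
#   Java(TM) SE Runtime Environment 6 Update 1
JAVA_RE = re.compile(
    r"^Java\(TM\)\s+(?:SE Runtime Environment\s+)?"
    r"(?P<major>\d+)(?:\s+Update\s+(?P<update>\d+))?$"
)


def uninstall_entries(log_text):
    """Yield (key, display_name) pairs from the Uninstall List section only."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            # Any other banner closes the section we are interested in.
            in_section = banner.group(1).endswith("Uninstall List")
            continue
        if in_section:
            entry = ENTRY_RE.match(line)
            if entry:
                yield entry.group("key"), entry.group("name").strip()


def java_runtimes(log_text):
    """Return {major: [(update, key, name), ...]} sorted by update number."""
    found = defaultdict(list)
    for key, name in uninstall_entries(log_text):
        m = JAVA_RE.match(name)
        if m:
            update = int(m.group("update") or 0)  # no "Update N" means base release
            found[int(m.group("major"))].append((update, key, name))
    return {major: sorted(entries) for major, entries in found.items()}


def superseded(log_text):
    """Display names of every runtime that is not the newest update of its major.

    Assumption: within one major version, the highest update number is kept.
    """
    stale = []
    for _major, entries in sorted(java_runtimes(log_text).items()):
        stale.extend(name for _update, _key, name in entries[:-1])
    return stale


if __name__ == "__main__":
    for major, entries in java_runtimes(SAMPLE_LOG).items():
        print(f"Java {major}: newest installed update is {entries[-1][0]}")
    for name in superseded(SAMPLE_LOG):
        print("superseded, candidate for removal:", name)
```

Running the same check on a log taken after the cleanup shows whether the older entries are really gone from the Uninstall key.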

Post by mortier » 26 Jan 2009, 16:29

Hello and thanks again
For the files in blue, that is the answer, good; in my virus paranoia I was imagining the worst...

My apologies, I got confused with the logs, so I am sending the OTMoveIt3 one: 01252009_013919

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fce9886-c4f6-11db-b244-0013d36520eb}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
========== COMMANDS ==========
Explorer started successfully
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_013919

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_fc.dat not found!
Morty
mortier
 
Posts: 27
Joined: 14 Jul 2007, 10:02
Location: 84700-Sorgues

Post by nickW » 26 Jan 2009, 16:35

Hello,

Nothing to report in this last log ..... no blue-ink virus. :D

Cheers,
nickW
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by mortier » 26 Jan 2009, 21:18

Good evening,

Thanks again for the quick response
I followed the recommendations
Installed Avira Antivir Personal
created a new system restore point
installed the Outpost firewall
JavaRa updated and cleaned
the programs seem to be working

Apparently the PC is "clean" but the internet connection is still slow; should I contact my ISP and close the topic (OK), or try another procedure?
If you think it is fine, I will leave it up to you

Kind regards, thank you
Morty
mortier
 
Posts: 27
Joined: 14 Jul 2007, 10:02
Location: 84700-Sorgues

Post by nickW » 27 Jan 2009, 00:22

Good evening,

Can you send two new OTListIt2 logs?
(See my message of Fri 23/01/2009 at 02:07 for the procedure.)


To be continued,
nickW
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by mortier » 27 Jan 2009, 18:39

Hello, and thank you for your patience

OTListIt logfile created on: 27/01/09 18:33:45 - Run 8
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1023,48 Mb Total Physical Memory | 649,98 Mb Available Physical Memory | 63,51% Memory free
3,90 Gb Paging File | 3,56 Gb Available in Paging File | 91,25% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 80,76 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTIER
Current User Name: Armand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2003/03/26 15:16:04 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2005/06/10 15:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2003/03/26 10:11:44 | 00,282,624 | ---- | M] ( ) -- C:\Program Files\Lexmark\Photo Card Reader\lxblksk.exe
[2005/09/14 17:15:40 | 00,080,384 | ---- | M] (TechCity Solutions France) -- C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
[2003/12/08 16:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2009/01/26 20:29:31 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2009/01/26 20:29:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/10/15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/27 18:33:05 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/04/14 03:33:18 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\6to4svc.dll -- (6to4 [Auto | Running])
[2008/12/25 18:41:38 | 01,267,016 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv [Auto | Running])
File not found -- -- (Acsvcvcvnpq.50 [On_Demand | Stopped])
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/07/20 14:15:20 | 00,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
[2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/03 17:48:26 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2005/06/10 17:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2009/01/26 20:29:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/03/26 15:17:14 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/02/24 00:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
File not found -- -- (Planificateur LiveUpdate automatique [Disabled | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/06/20 09:45:22 | 00,030,864 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\drivers\afw.sys -- (afw [On_Demand | Running])
[2008/12/17 11:07:54 | 00,257,176 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore [On_Demand | Running])
[2005/04/19 03:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[1999/09/10 11:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
[2004/07/20 14:19:16 | 00,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Running])
[2008/12/24 17:25:36 | 00,034,080 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt [On_Demand | Stopped])
[2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2004/12/14 16:55:22 | 00,009,472 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
[2005/06/10 17:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/06/10 17:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2005/06/10 15:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/02/24 00:32:00 | 03,454,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/12/07 09:15:54 | 00,087,936 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/11/24 10:42:46 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/11/24 10:42:48 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/05 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/05 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2003/12/05 10:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/12/24 17:24:46 | 00,703,904 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox [System | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKU\S-1-5-21-790525478-527237240-1801674531-1004\S-1-5-21-790525478-527237240-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (50834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 1735 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe ( )
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice (Agnitum Ltd.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - cdo - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = c:\progra~1\agnitum\outpos~1\wl_hook.dll
>[2008/12/25 18:41:52 | 00,719,688 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/11/02 00:23:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2007/07/22 14:28:29 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/01/27 18:33:04 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/26 19:34:00 | 00,703,904 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2009/01/26 19:33:47 | 00,257,176 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2009/01/26 19:33:33 | 00,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2009/01/26 19:33:32 | 00,030,864 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2009/01/26 19:33:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Filt
[2009/01/26 19:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2009/01/26 19:32:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/01/26 17:23:53 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2009/01/26 17:23:49 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/01/26 17:23:49 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/01/26 17:23:49 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/01/26 17:23:47 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/01/26 17:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/01/26 17:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/01/25 01:39:19 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/25 01:20:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/01/23 16:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Virus
[2009/01/21 20:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Martin Scorsese Presents The Blues_7 CD Box (2003)
[2009/01/21 18:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/21 12:26:50 | 00,040,782 | ---- | C] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/15 19:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\BALBINO MEDELLIN
[2009/01/12 21:18:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/01/12 21:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/01/12 21:06:14 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Local Settings\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Real
[2009/01/12 21:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/12 21:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 21:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/01/12 20:53:38 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/12 20:53:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/12 20:53:35 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009/01/12 20:53:35 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009/01/12 20:53:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/01/12 20:53:35 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/01/12 20:53:34 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/12 20:53:34 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/01/12 20:53:34 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/01/12 20:53:34 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009/01/12 20:53:33 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/12 20:53:33 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/12 20:53:31 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/12 20:53:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/12 20:53:30 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/01/12 20:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Full Pack Codecs
[2009/01/12 20:29:53 | 00,352,461 | ---- | C] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/09 15:57:57 | 01,161,216 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC
[2009/01/07 20:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/01/07 20:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2009/01/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2009/01/05 18:04:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Bonardi
[2009/01/04 10:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\DivX
[2009/01/04 10:38:42 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/04 10:38:28 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/04 10:38:13 | 00,001,480 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/04 10:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/27 18:33:05 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTListIt2.exe
[2009/01/27 17:18:57 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/27 17:18:39 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/01/27 17:18:33 | 00,003,230 | ---- | M] () -- C:\WINDOWS\LXBLCAH.ini
[2009/01/27 17:18:29 | 00,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/27 17:18:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/27 17:18:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/26 19:59:21 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/26 17:32:39 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/26 17:23:53 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2009/01/26 16:17:03 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/25 09:52:38 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/25 01:14:49 | 00,000,480 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/01/24 02:01:36 | 01,578,210 | -H-- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\IconCache.db
[2009/01/23 23:40:30 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\CCleaner.lnk
[2009/01/22 20:27:28 | 00,031,904 | ---- | M] () -- C:\Documents and Settings\Armand\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/21 12:26:53 | 00,040,782 | ---- | M] () -- C:\Documents and Settings\Armand\Mes documents\FC09-005TER.pdf
[2009/01/19 22:00:46 | 01,123,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/19 22:00:46 | 00,510,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/01/19 22:00:46 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/19 22:00:46 | 00,084,818 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/01/19 22:00:46 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:17 | 00,045,384 | -H-- | M] () -- C:\Documents and Settings\Armand\Mes documents\ZbThumbnail.info
[2009/01/12 21:16:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Player.lnk
[2009/01/12 21:16:24 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Converter.lnk
[2009/01/12 21:15:56 | 00,001,480 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\DivX Movies.lnk
[2009/01/12 21:10:38 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 20:31:38 | 00,352,461 | ---- | M] () -- C:\install_FullPackCodecs_FR.exe
[2009/01/12 20:19:34 | 00,000,190 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 16:05:27 | 01,161,216 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Guide_accès_ressources_DI.DOC

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:SummaryInformation
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\ZbThumbnail.info:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\install_FullPackCodecs_FR.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>
Morty