Bonjour

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Bonjour

Messagede Tichaton » 08 Fév 2009, 11:45

Bonjour...

Comme j'ai un soucis avec mon ordinateur et sensiblement un virus sur windows live je suis allée faire un tour sur mémo clic pour y laisser un scann Hijackthis. Des personnes m'ont répondu pour m'aider à réparer mais une des personnes m'a conseillé de vous laisser une copie du scann en vous demandant d'y jeter un oeil et de me dire ce que je devais faire car mon ordinateur semble beaucoup plus infecté que prévu...
Le voici:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:44, on 08/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dédé\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd /c del "C:\Program Files\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DDD570~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 10739 bytes

J'espère que quelqu'un pourra m'aider...
Tichaton
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede nickW » 08 Fév 2009, 19:39

Bonsoir,

Ton PC est en effet multi-infecté!

Remarque préliminaire:
Pour pouvoir utiliser les sauvegardes créées par HijackThis, il faut que le programme HijackThis soit installé dans un dossier non système, non temporaire, et qui lui est réservé.
Je te conseille donc
*- de créer un dossier (par exemple: C:\HJT)
*- d'y déplacer le fichier HijackThis.exe
Si tu le laisses tel qu'il est actuellement, sur le Bureau, pas de sauvegardes aisément exploitables (donc plus aucune possibilité de faire "marche arrière").


Premières manips: création de rapports (logs) ciblés et détaillés:


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser.



Étape 1: Pas de processus de contrôle en temps réel
Désactiver TeaTimer de Spybot-S&D.
Dans la SysBarre (zone située juste à gauche de l'horloge) faire un clic droit sur l'icône du Résident de Spybot-S&D et choisir "Quitter Résident de Spybot-S&D".
Lancer Spybot-S&D, Mode avancé, Outils, Résident, décocher la case située devant TeaTimer. Fermer Spybot-S&D.
Faire redémarrer le PC.
Note:
Il ne faut pas réactiver TeaTimer avant la fin du nettoyage du PC (je te dirai quand et comment le faire).


Étape 2: OTListIt2 (de OldTimer), téléchargement
Télécharger OTListIt2.exe depuis http://oldtimer.geekstogo.com/OTListIt2.exe
Enregistrer ce fichier sur le Bureau.


Étape 3: Toolbar-S&D (de la Team IDN), téléchargement
Télécharger Toolbar-S&D via un clic droit sur le lien: http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Enregistrer le fichier sur le Bureau.


Étape 4: Malwarebytes' Anti-Malware, installation
Télécharger Malwarebytes' Anti-Malware depuis l'un des liens ci-dessous:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Enregistrer ce fichier sur le Bureau.
Faire un double clic sur mbam-setup.exe pour lancer l'installation (Accepter le contrat de licence, puis valider les options par défaut).
Sur le dernier écran de la procédure d'installation, cocher la case située devant "Mettre à jour Malwarebytes' Anti-Malware", puis cliquer sur le bouton "Terminer".


Étape 5: Désactivation des programmes de sécurité résidents
Désactiver le module résident de l'antivirus.
Image Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"


Étape 6: Navilog1 (de IL-MAFIOSO), Option 1
Note préliminaire importante
Navilog1 est détecté par certains antivirus comme étant un RiskTool (outil à risque).
Ceci est exact puisque certains de ses composants, s'ils étaient mis entre de mauvaises mains, pourraient effectuer des actions dangereuses.
Dans le cas de Navilog1, il faut les laisser s'exécuter.


Télécharger Navilog1 par un clic droit sur le lien ci-dessous:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Enregistrer le fichier sur le Bureau.
Fermer toutes les applications actives (comme traitement de texte, navigateur).
Faire un double clic sur Navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, l'outil s'exécutera automatiquement.
(Si ce n'est pas le cas, faire un double clic sur le raccourci Navilog1 présent sur le Bureau).

Suivre les indications affichées.
Sur le menu principal, choisir l'option 1 et valider.
(ne pas choisir les options 2,3 ou 4 sans mon avis/accord)

Attendre jusqu'au message :
*** Analyse Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sous le nom navi1.txt
Copier l'intégralité du contenu de la fenêtre du Bloc-notes en réponse.
Fermer le Bloc-notes.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)


Étape 7: Toolbar-S&D (de la Team IDN), option 1: Recherche
Faire un double clic sur ToolBarSD.exe situé sur le Bureau pour lancer l'exécution de l'outil.

Choisir la langue en tapant F puis en appuyant sur Entrée.
Lire l'avertissement, puis cliquer sur OK.

Après l'affichage du menu, taper 1 puis faire Entrée pour rechercher les fichiers responsables de l'infection.
Lorsque la recherche est terminée, une fenêtre du Bloc-notes s'ouvre et affiche le rapport (alias log).

Fermer le Bloc-notes, ce qui termine l'exécution de l'outil.

Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.


Étape 8: Malwarebytes' Anti-Malware, recherche
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher.
Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats".

Cliquer sur le bouton "Enregistrer le rapport", valider la sauvegarde, puis cliquer sur le bouton "Quitter"


Étape 9: Réactivation des programmes de sécurité résidents
Important: Réactiver le module résident de l'antivirus.


Étape 10: OTListIt2 (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTListIt2.exe pour lancer l'outil.

L'écran principal de OTListIt2 s'affiche:
Image

Si ce n'est déjà fait, dans le paragraphe Extra Registry, cocher le bouton-radio Use SafeList

Cocher (en haut) la case située devant Scan All Users: Image

Puis cliquer sur le bouton Run Scan: Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTListIt2.


Étape 11: Résultats
Envoyer en réponse:
*- le rapport de Navilog1, Option 1 (contenu du fichier navi1.txt)
*- le rapport de ToolBar S&D (contenu du fichier SystemDrive\TB.txt)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le log de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-*-**-**** (**-**-**).txt situé dans le dossier SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) représente la date [mois-jour-année] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTListIt2 (contenu des fichiers OTListIt.txt et Extras.txt situés sur le Bureau).
Les rapports envoyés sur le forum doivent se terminer par une ligne contenant <End>. Si ce n'est pas le cas, ils sont incomplets, et doivent alors être découpés en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Merci...

Messagede Tichaton » 08 Fév 2009, 20:01

Merci beaucoup d'avoir pris le temps de regarder...
Là, je vais essayer ce soir ou demain de faire les manips mais je ne suis pas une pro de l'informatique alors je te tiendrai au courant :-)
A bientôt!
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:08

Search Navipromo version 3.7.2 commencé le 08/02/2009 à 22:05:32,73

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spéblurpte !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 07.02.2009 à 10h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : BIOS Date: 05/04/05 11:33:55 Ver: 08.00.09
USER : Dédé ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 7.0.0.2
(Not Activated)


C:\ (Local Disk) - NTFS - Total:152 Go (Free:2 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:27

Search Navipromo version 3.7.2 commencé le 08/02/2009 à 22:05:32,73

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spéblurpte !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 07.02.2009 à 10h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : BIOS Date: 05/04/05 11:33:55 Ver: 08.00.09
USER : Dédé ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 7.0.0.2
(Not Activated)


C:\ (Local Disk) - NTFS - Total:152 Go (Free:2 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:28

OTListIt logfile created on: 08/02/2009 22:21:26 - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Dédé\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,30 Mb Total Physical Memory | 560,47 Mb Available Physical Memory | 54,77% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 2,37 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CELISSE-EB9D4AC
Current User Name: Dédé
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2006/03/23 16:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
[2007/09/11 09:40:32 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2007/08/28 13:16:22 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2004/06/18 09:31:02 | 00,067,584 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/03/08 05:42:09 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[2006/03/23 16:06:50 | 01,398,272 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2004/08/22 16:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
[2005/10/23 00:00:00 | 00,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Wireless 802.11g Monitor\WLService.exe
[2004/09/02 17:09:56 | 00,794,624 | ---- | M] () -- C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
[2008/05/16 17:12:44 | 00,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
[2005/06/23 19:33:00 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
[2008/05/16 17:12:08 | 00,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
[2007/08/31 12:25:18 | 00,249,896 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2005/08/09 19:14:54 | 00,155,648 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2006/06/21 01:20:50 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2005/06/08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
[2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/06/21 01:20:20 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/12/02 21:50:04 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
[2008/12/02 21:50:05 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
[2008/04/14 03:34:29 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2005/05/11 23:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2005/08/10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
[2005/07/07 22:45:10 | 00,860,160 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2008/02/07 09:55:12 | 01,180,896 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
[2009/02/08 21:55:48 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2007/08/28 13:16:22 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2007/09/11 09:40:32 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006/03/23 16:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Wireless 802.11g Monitor\WLService.exe -- (R54G Wireless Service [Auto | Running])
[2008/05/16 17:12:44 | 00,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [Auto | Running])

========== Driver Services (SafeList) ==========

[2004/04/30 08:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2004/04/30 08:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [Boot | Running])
[2004/02/24 04:08:52 | 00,400,384 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/06/21 09:53:20 | 00,626,204 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2003/11/28 18:34:40 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K [On_Demand | Running])
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2004/08/04 01:38:44 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:10 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2007/09/17 11:25:03 | 00,048,448 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2007/09/07 12:05:19 | 00,062,016 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Stopped])
[2005/05/09 19:08:40 | 00,033,792 | ---- | M] (Team H2O) -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX [On_Demand | Running])
[2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2001/12/12 20:31:24 | 00,004,608 | ---- | M] (Elaborate Bytes) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2002/01/02 14:09:14 | 00,013,268 | ---- | M] (Elaborate Bytes) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/03/08 05:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/03/08 05:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/03/08 05:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/03/23 16:15:58 | 00,102,016 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2006/03/23 16:15:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [System | Running])
[2006/03/23 16:15:56 | 00,033,536 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm [System | Running])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/12/03 19:31:46 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/07/28 08:15:36 | 00,033,024 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/07/28 08:15:38 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2003/08/04 15:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2005/06/09 13:15:56 | 00,017,359 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5 [On_Demand | Stopped])
[2004/07/22 15:28:40 | 00,057,088 | R--- | M] (TerraTec Electronic GmbH) -- C:\WINDOWS\system32\drivers\Protec.sys -- (Protec [On_Demand | Running])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/05/07 13:47:10 | 00,079,616 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2571.sys -- (rt2571 [On_Demand | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/08/10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2005/11/03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2001/08/17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2005/07/13 11:08:20 | 00,033,890 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2007/03/01 10:34:36 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/08/01 14:46:40 | 00,060,928 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550bus.sys -- (w550bus [On_Demand | Stopped])
[2005/08/01 14:46:42 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550mdfl.sys -- (w550mdfl [On_Demand | Stopped])
[2005/08/01 14:46:44 | 00,096,672 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550mdm.sys -- (w550mdm [On_Demand | Stopped])
[2005/08/01 14:46:28 | 00,088,080 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550mgmt.sys -- (w550mgmt [On_Demand | Stopped])
[2005/08/01 14:46:46 | 00,085,952 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w550obex.sys -- (w550obex [On_Demand | Stopped])
[2004/08/05 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/12/13 07:34:06 | 00,031,400 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Metaboli Player\X4HSX32.sys -- (X4HSX32 [Auto | Running])
[2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = @ieframe.dll,-12512
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = @ieframe.dll,-12512
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-746137067-1972579041-839522115-1004\S-1-5-21-746137067-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Multi Media Toolbar) - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Multi Media Toolbar) - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {B5146C40-189A-4311-BDA9-FBAE3E023187} - C:\Program Files\Multi_Media\tbMult.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {B5146C40-189A-4311-BDA9-FBAE3E023187} - C:\Program Files\Multi_Media\tbMult.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL (Elaborate Bytes)
O4 - HKLM..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen ()
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe File not found
O4 - HKU\S-1-5-21-746137067-1972579041-839522115-1004..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Anywhere Backup Launcher.lnk = C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O4 - Startup: C:\Documents and Settings\Dédé\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk = C:\Documents and Settings\Dédé\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (Microsoft Corporation)
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:29

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... 03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/10/05 10:35:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[AutoRun] | ;q217Akjdk9l3sKaroliwwpaa45JsDmKwaDD2JJl2S90jFd3 | open=m0vnonh.bat | ;Lji1HajonSwKwD | shell\open\Command=m0vnonh.bat | ]
[2009/02/08 11:37:25 | 00,000,128 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.MSNFix [[AutoRun] | ;q217Akjdk9l3sKaroliwwpaa45JsDmKwaDD2JJl2S90jFd3 | open=m0vnonh.bat | ;Lji1HajonSwKwD | shell\open\Command=m0vnonh.bat | ]
File not found -- C:\autorun.MSN -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0476cb87-79a8-11dd-9a4f-0011d8e8b558}\Shell\AutoRun\command]
"" = G:\8.bat -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0476cb87-79a8-11dd-9a4f-0011d8e8b558}\Shell\open\Command]
"" = G:\8.bat -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94c21b1-d37f-11dd-9abf-000e8e080121}\Shell\AutoRun\command]
"" = G:\m0vnonh.bat -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94c21b1-d37f-11dd-9abf-000e8e080121}\Shell\open\Command]
"" = G:\m0vnonh.bat -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e58ae2f9-feec-11dc-99b2-0060b30ee877}\Shell\AutoRun\command]
"" = tmf3w3g0.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e58ae2f9-feec-11dc-99b2-0060b30ee877}\Shell\explore\Command]
"" = tmf3w3g0.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e58ae2f9-feec-11dc-99b2-0060b30ee877}\Shell\open\Command]
"" = tmf3w3g0.com

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Dédé\Bureau\*.tmp files]
[2009/02/08 22:09:18 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/02/08 22:04:48 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/02/08 22:04:48 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/02/08 22:03:56 | 00,576,970 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Dédé\Bureau\Navilog1.exe
[2009/02/08 21:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Application Data\Malwarebytes
[2009/02/08 21:58:39 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/08 21:58:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/08 21:58:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/08 21:58:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/08 21:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/08 21:57:24 | 02,737,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dédé\Bureau\mbam-setup.exe
[2009/02/08 21:56:37 | 00,343,017 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\ToolbarSD.exe
[2009/02/08 21:55:47 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTListIt2.exe
[2009/02/08 21:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\HJT
[2009/02/08 21:24:11 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/02/08 20:59:52 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Mama eh.doc
[2009/02/08 20:56:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Enregistrement 2 février
[2009/02/08 20:34:37 | 00,080,689 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\mamaeh_acc_lak.pdf
[2009/02/08 11:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\backups
[2009/02/07 01:37:58 | 01,161,544 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Bureau\wlsetup-custom.exe
[2009/02/07 00:50:34 | 00,000,854 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/07 00:29:00 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Spybot - Search & Destroy.lnk
[2009/02/07 00:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/07 00:28:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/07 00:27:55 | 00,040,768 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/02/07 00:27:55 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/02/07 00:27:55 | 00,021,312 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/02/07 00:27:52 | 00,062,016 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/02/07 00:27:52 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/07 00:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/02/07 00:23:14 | 00,000,128 | RHS- | C] () -- C:\autorun.inf
[2009/02/07 00:22:44 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/02/07 00:10:31 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MSNFix.lnk
[2009/02/07 00:10:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSNFix
[2009/02/07 00:10:11 | 01,118,726 | ---- | C] (Changelog.fr ) -- C:\Documents and Settings\Dédé\Bureau\MSNFix.exe
[2009/02/06 17:02:26 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Pub pour le stage.doc
[2009/02/06 15:50:58 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\promo stage.doc
[2009/02/06 15:49:21 | 00,095,744 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009/02/06 15:49:06 | 00,108,562 | RHS- | C] () -- C:\m0vnonh.bat
[2009/02/06 15:49:06 | 00,000,128 | ---- | C] () -- C:\autorun.MSNFix
[2009/02/06 15:48:40 | 00,107,874 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009/02/02 22:07:28 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\liste de materiel lys.doc
[2009/02/01 20:55:45 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Dédé\Bureau\~$xte théâtre musical.doc
[2009/02/01 14:41:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Mémoire pro
[2009/01/31 10:46:03 | 00,005,505 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\reve.jpg
[2009/01/26 23:21:45 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\texte théâtre musical.doc
[2009/01/26 21:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Enregistrement 3
[2009/01/25 21:57:35 | 73,287,8848 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Asterix Le Gaulois.avi
[2009/01/25 21:56:07 | 67,209,4208 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Les 12 travaux d'Astérix.avi
[2009/01/25 21:54:42 | 73,350,9632 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Astérix et Cléopatre.avi
[2009/01/25 21:53:31 | 73,403,5968 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Asterix Chez Les Bretons.avi
[2009/01/25 21:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Enregistrement 2
[2009/01/25 21:19:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\enregistrement 1
[2009/01/25 18:22:47 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\PLAN BIS.doc
[2009/01/24 21:54:08 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Cahier_des_charges_projet.doc
[2009/01/24 21:52:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\ICTUS 2009
[2009/01/22 20:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Dossier dernière année CFMI
[2009/01/18 18:45:01 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\présentation perso.doc
[2009/01/14 21:43:57 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Dédé\Bureau\~$2bis.doc
[2009/01/14 20:12:26 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Cahier des charges projet(2)
[2009/01/14 20:11:45 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Cahier des charges projet
[2009/01/12 18:35:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dédé\Bureau\Annexes
[2009/01/12 18:11:07 | 00,152,109 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\carte autoroute.jpg
[2009/01/11 23:14:54 | 00,861,246 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\crescendo.bmp
[2009/01/11 20:37:12 | 00,144,328 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\carte2.jpg
[2009/01/11 19:30:02 | 00,137,490 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\carte.jpg
[2009/01/11 15:44:02 | 00,136,677 | ---- | C] () -- C:\Documents and Settings\Dédé\Bureau\Google earth lys lez lannoy.jpg

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Dédé\Bureau\*.tmp files]
[2009/02/08 22:04:48 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/02/08 22:03:57 | 00,576,970 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Dédé\Bureau\Navilog1.exe
[2009/02/08 21:58:39 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/08 21:57:48 | 02,737,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dédé\Bureau\mbam-setup.exe
[2009/02/08 21:56:39 | 00,343,017 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\ToolbarSD.exe
[2009/02/08 21:55:48 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dédé\Bureau\OTListIt2.exe
[2009/02/08 21:51:39 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/08 21:50:58 | 00,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Anywhere Backup Launcher.lnk
[2009/02/08 21:50:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/08 21:50:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/08 21:40:02 | 00,427,520 | -HS- | M] () -- C:\Documents and Settings\Dédé\Bureau\Thumbs.db
[2009/02/08 21:40:01 | 00,192,000 | ---- | M] () -- C:\Documents and Settings\Dédé\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/08 21:24:46 | 00,095,744 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009/02/08 21:24:45 | 00,107,874 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe
[2009/02/08 21:24:03 | 00,095,744 | ---- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/02/08 20:59:52 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Mama eh.doc
[2009/02/08 20:34:37 | 00,080,689 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\mamaeh_acc_lak.pdf
[2009/02/08 11:37:25 | 00,000,128 | RHS- | M] () -- C:\autorun.inf
[2009/02/07 01:41:32 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/07 01:38:00 | 01,161,544 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dédé\Bureau\wlsetup-custom.exe
[2009/02/07 01:30:47 | 00,108,562 | RHS- | M] () -- C:\m0vnonh.bat
[2009/02/07 00:50:36 | 00,000,854 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/07 00:29:00 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Spybot - Search & Destroy.lnk
[2009/02/07 00:18:33 | 00,000,128 | ---- | M] () -- C:\autorun.MSNFix
[2009/02/07 00:10:31 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MSNFix.lnk
[2009/02/07 00:10:12 | 01,118,726 | ---- | M] (Changelog.fr ) -- C:\Documents and Settings\Dédé\Bureau\MSNFix.exe
[2009/02/06 17:20:27 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Pub pour le stage.doc
[2009/02/04 22:27:26 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\promo stage.doc
[2009/02/02 22:09:40 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\liste de materiel lys.doc
[2009/02/01 20:57:16 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\texte théâtre musical.doc
[2009/02/01 20:55:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Dédé\Bureau\~$xte théâtre musical.doc
[2009/02/01 13:56:32 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Stage Lys - Programme.doc
[2009/01/31 10:46:04 | 00,005,505 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\reve.jpg
[2009/01/25 18:22:47 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\PLAN BIS.doc
[2009/01/25 15:35:14 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/22 18:28:33 | 00,113,060 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2009/01/22 18:28:05 | 00,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/18 18:45:01 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\présentation perso.doc
[2009/01/18 14:44:05 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/14 21:43:57 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Dédé\Bureau\~$2bis.doc
[2009/01/14 20:12:26 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Cahier des charges projet(2)
[2009/01/14 20:11:45 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Cahier des charges projet
[2009/01/14 19:56:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/14 12:45:34 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Cahier_des_charges_projet.doc
[2009/01/12 18:11:07 | 00,152,109 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\carte autoroute.jpg
[2009/01/11 23:14:54 | 00,861,246 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\crescendo.bmp
[2009/01/11 20:37:12 | 00,144,328 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\carte2.jpg
[2009/01/11 19:30:02 | 00,137,490 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\carte.jpg
[2009/01/11 15:44:02 | 00,136,677 | ---- | M] () -- C:\Documents and Settings\Dédé\Bureau\Google earth lys lez lannoy.jpg
[2009/01/10 02:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
<End>
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:31

OTListIt Extras logfile created on: 08/02/2009 22:21:26 - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Dédé\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,30 Mb Total Physical Memory | 560,47 Mb Available Physical Memory | 54,77% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 2,37 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CELISSE-EB9D4AC
Current User Name: Dédé
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/01/30 16:27:20 | 07,237,632 | ---- | M] (France Telecom) -- C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe:*:Enabled:Livecom
File not found -- C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe:*:Enabled:Livecom Media
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/06/21 01:20:20 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/06/21 01:20:50 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/06/21 01:20:52 | 01,993,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 22:41:56 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2007/03/27 14:22:58 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/01/30 16:27:20 | 07,237,632 | ---- | M] (France Telecom) -- C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe:*:Enabled:Livecom
File not found -- C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe:*:Enabled:Livecom Media
[2005/12/29 16:27:56 | 00,761,935 | ---- | M] (France Telecom) -- C:\Program Files\Livecom\Application\eConfv4\livecomp.exe:*:Enabled:Livecom Player
[2008/08/01 18:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/05/24 01:17:46 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/05/24 01:18:00 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/05/24 01:13:32 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/12 09:06:08 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/12 06:28:02 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/05/24 01:42:00 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/12 07:34:58 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/05/24 01:18:52 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/03/15 14:12:10 | 00,417,792 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/05/24 01:34:36 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2004/09/02 03:35:48 | 00,029,696 | ---- | M] () -- C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst
File not found -- C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)
[2006/01/26 20:11:58 | 06,171,136 | R--- | M] () -- C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC
[2008/04/14 03:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/08 07:52:39 | 05,607,424 | ---- | M] (Stephane) -- C:\Program Files\Personal Media Manager\PMMedia.exe:*:Enabled:PMMedia
[2008/04/14 03:34:16 | 00,421,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe:*:Enabled:NTVDM.EXE
File not found -- C:\Documents and Settings\Dédé\Bureau\USB.exe:*:Enabled:USB
File not found -- C:\Documents and Settings\Dédé\Bureau\Tom\iso par usb\USB.exe:*:Enabled:USB
[2007/03/27 14:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
File not found -- X:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise.exe
[2006/06/21 01:20:20 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/06/21 01:20:50 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/06/21 01:20:52 | 01,993,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 22:41:56 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01020202-823E-46CD-A70E-BEE818F97169}" = Encyclopédie Standard Microsoft Encarta 2002
"{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Player Metaboli
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3980C794-D40D-4E43-A59D-2D24F1380A25}" = Sony Ericsson Communication Center
"{39868E24-EF10-41E4-92F9-920D26E5D4D7}" = UMD RIPPER V1.0
"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Edition Découverte 3.0
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4
"{54DEF122-41FD-469B-AD4A-9AA0AE4DF592}" = 1600_Help
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}" = WD Anywhere Backup
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D1D94B-F191-487A-A51A-ED9B194AEF73}" = 1600Trb
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{73E94429-C8A2-46B5-A203-E30C62D5379D}" = Wireless 802.11g USB Adapter
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:31

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{ACBD0110-F243-11D4-BCEE-00104B1CB360}" = Plug-in ma messagerie vocale Orange
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D3DDBF02-DB55-41F1-AC87-7C0EE4037E74}" = 1600
"{D6E592B3-67DA-4BBB-9783-E1838FB253A2}" = Assistant de connexion Windows Live
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE28E1DC-A319-4DFE-B8ED-BEE329D377A4}" = Sony Ericsson PC Suite 1.10.36
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEF82C79-A738-4EE2-9600-39895B21506F}" = PHASE 22 & 28 ControlPanel
"{FF68F12A-C03A-4C44-8514-2F3DEA803B08}" = FloorPlan 3D v8
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"AviSynth" = AviSynth 2.5
"CloneCD" = CloneCD
"CSO-DAX Compressor V0.37" = CSO-DAX Compressor V0.37
"DVD Shrink_is1" = DVD Shrink 3.2
"eMule" = eMule
"enable Encore" = enable Encore 4.0
"exent_424454" = Agatha Christie
"exent_427354" = Trackmania SunrisEx
"exent_463654" = Entraîneur Cérébral
"FL Studio 5" = FL Studio 5
"Gimp pour Windows" = Gimp pour Windows 2.2.10
"HijackThis" = HijackThis 2.0.2
"hp deskjet 840c series" = hp deskjet 840c series (Supprimer uniquement)
"hp deskjet 840c series_Driver" = hp deskjet 840c series
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IISCN VcdromX" = IISCN VcdromX
"InCD!UninstallKey" = InCD
"InstallShield_{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}" = WD Anywhere Backup
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.52
"LifeGlobe Goldfish Aquarium_is1" = LifeGlobe Goldfish Aquarium
"Livecom" = Orange Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micromega Software Comptes" = Micromega Software System Comptes
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNFix 1.749_is1" = MSNFix 1.749
"MSNINST" = MSN
"Multi Media Toolbar" = Multi Media Toolbar
"Navilog1_is1" = Navilog1 3.7.2
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OOBOX iTuner" = OOBOX iTuner 2.0
"PBP Unpacker_is1" = PBP Unpacker v0.93
"Personal Media Manager 2.86" = Personal Media Manager 2.86
"Plug-in Le service Photo Livecom" = Plug-in Le service Photo Livecom
"QuickPar" = QuickPar 0.9
"RoomVerb M2 2.0" = SpinAudio RoomVerb M2 2.0 Demo
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SLD Codec Pack" = SLD Codec Pack
"Steinberg Cubase LE" = Steinberg Cubase LE
"Steinberg Cubase SX 1.01" = Steinberg Cubase SX 1.01
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"Super DVD Ripper v1.90" = Super DVD Ripper v1.90
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Le Centre de Contrôle de Licences de Syncrosoft
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"VLC media player" = VideoLAN VLC media player 0.8.4a
"VMidi" = vanBasco's Karaoke Player
"Wanadoo Messager" = Wanadoo Messager
"WaveLabLite" = WaveLab Lite
"WebPopupKiller_is1" = WebPopupKiller 1.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD4PSP" = XviD4PSP by Winnydows
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/02/2009 20:58:53 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 06/02/2009 20:59:24 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 06/02/2009 21:00:07 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 06/02/2009 21:00:22 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 06/02/2009 21:00:34 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 1132414360.

Error - 06/02/2009 21:02:19 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 08/02/2009 06:31:57 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 08/02/2009 06:32:38 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 08/02/2009 06:47:02 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante wlcomm.exe, version 14.0.8050.1202, module
défaillant nmdfgds0.dll, version 0.0.0.0, adresse de défaillance 0x0001d67d.

Error - 08/02/2009 17:05:39 | Computer Name = CELISSE-EB9D4AC | Source = Application Error | ID = 1000
Description = Application défaillante gnc.exe, version 0.0.0.0, module défaillant
gnc.exe, version 0.0.0.0, adresse de défaillance 0x00000154.

[ System Events ]
Error - 08/02/2009 16:35:12 | Computer Name = CELISSE-EB9D4AC | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 08/02/2009 16:35:12 | Computer Name = CELISSE-EB9D4AC | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 08/02/2009 16:35:12 | Computer Name = CELISSE-EB9D4AC | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 08/02/2009 16:50:47 | Computer Name = CELISSE-EB9D4AC | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 08/02/2009 16:50:47 | Computer Name = CELISSE-EB9D4AC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 08/02/2009 16:50:47 | Computer Name = CELISSE-EB9D4AC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\Western
Digital\WD Drive Manager\MFC80U.DLL. Message d'erreur de référence : Opération réussie.
.

Error - 08/02/2009 16:50:47 | Computer Name = CELISSE-EB9D4AC | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 08/02/2009 16:50:47 | Computer Name = CELISSE-EB9D4AC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 08/02/2009 16:50:47 | Computer Name = CELISSE-EB9D4AC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\Western
Digital\WD Drive Manager\MFC80U.DLL. Message d'erreur de référence : Opération réussie.
.

Error - 08/02/2009 16:51:06 | Computer Name = CELISSE-EB9D4AC | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (e4ldr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2


<End>
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Messagede Tichaton » 08 Fév 2009, 22:33

Bon je crois que j'ai fait ce que tu m'as demandé... J'espère que ce ne sera pas trop grave docteur!
Tichaton
 
Messages: 18
Inscription: 08 Fév 2009, 11:40

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 24 invités