[OK] Problem: "Allez au travail! Arretez de surfer"

Post by John, la reine des pommes » 20 Feb 2009, 07:38

OTListIt logfile created on: 20/02/2009 07:17:28 - Run 4
OTListIt2 by OldTimer - Version 2.0.0.18 Folder = C:\Users\no name\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 93,85% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,71 Gb Total Space | 149,56 Gb Free Space | 66,86% Space Free | Partition Type: NTFS
Drive D: | 9,17 Gb Total Space | 1,19 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: no name
Current User Name: no name
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/14 03:09:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/06/27 19:43:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
PRC - [2008/08/07 13:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Hpservice.exe
PRC - [2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/02/12 21:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
PRC - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/26 13:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/04/23 23:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/23 23:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/03/26 14:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/09 10:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/11/20 06:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/06/27 19:42:08 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/18 04:59:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/23 23:51:14 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008/03/14 07:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/11/01 17:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2008/01/21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/01/21 03:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2007/09/26 05:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/04/11 08:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/02/19 05:49:47 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Users\no name\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/02/12 21:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2008/02/03 11:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc [Auto | Running])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/24 00:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/08/07 13:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2008/02/26 13:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/14 03:09:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/23 23:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
SRV - [2008/04/23 23:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
SRV - [2008/03/26 14:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2007/01/09 10:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/06/27 19:43:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/07 13:31:52 | 00,034,608 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/01/21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Boot | Running])
DRV - [2008/01/21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Boot | Running])
DRV - [2008/01/21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Boot | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Boot | Running])
DRV - [2008/01/21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Boot | Running])
DRV - [2008/01/21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Boot | Running])
DRV - [2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 18:17:15 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 08:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Stopped])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Boot | Running])
DRV - [2008/01/21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Boot | Running])
DRV - [2008/01/24 14:23:12 | 00,052,736 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\system32\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/10/23 11:42:30 | 00,031,899 | ---- | M] (Compuware Corporation) -- C:\Windows\system32\drivers\hid8101.SYS -- (hid8101 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Boot | Running])
DRV - [2008/08/07 13:42:12 | 00,025,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 16:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Stopped])
DRV - [2007/07/11 09:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqRemHid.sys -- (HpqRemHid [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS -- (HSF_DPV [On_Demand | Stopped])
DRV - [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Boot | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Boot | Running])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2008/04/11 18:55:04 | 00,084,240 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\system32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Boot | Running])
DRV - [2008/01/21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Boot | Running])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Boot | Running])
DRV - [2008/11/17 15:40:22 | 03,668,480 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Boot | Running])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [On_Demand | Stopped])
DRV - [2006/11/02 08:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2008/05/14 03:09:00 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
DRV - [2008/05/14 03:09:00 | 07,443,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Boot | Running])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Boot | Running])
DRV - [2008/04/15 11:05:08 | 00,118,784 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Boot | Running])
DRV - [2008/11/06 19:16:47 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/06/27 19:44:18 | 00,380,928 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Boot | Running])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Boot | Running])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Boot | Running])
DRV - [2008/03/28 01:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Boot | Running])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
DRV - [2007/07/11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/07/11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/07/11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/01/21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTCNXT3.SYS -- (winachsf [On_Demand | Stopped])
DRV - [2008/04/23 23:50:26 | 00,039,408 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\S-1-5-21-2320549619-1885473631-1023167558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (292080 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10058 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Espace de noms Bluetooth] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 23:27:26 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ec6138a-a4e3-11dd-8134-001eec7ba6db}\Shell\AutoRun\command - "" = wscript.exe antinul.vbe
O33 - MountPoints2\{0ec6138a-a4e3-11dd-8134-001eec7ba6db}\Shell\open\Command - "" = wscript.exe antinul.vbe
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell - "" = AutoRun
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell\AutoRun\command - "" = G:\DB.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/19 16:11:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/19 07:33:11 | 00,000,772 | ---- | C] () -- C:\Users\no name\Desktop\Booster.exe - Raccourci.lnk
[2009/02/19 05:49:33 | 00,494,592 | ---- | C] (OldTimer Tools) -- C:\Users\no name\Desktop\OTListIt2.exe
[2009/02/19 05:45:45 | 00,000,000 | ---D | C] -- C:\Users\no name\Desktop\assiste.com
[2009/02/18 04:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/02/17 07:15:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/17 07:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/16 02:05:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/15 08:43:03 | 00,000,000 | ---D | C] -- C:\Users\no name\Documents\tuto vista
[2009/02/15 04:56:43 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/15 04:56:43 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/02/15 04:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/15 04:55:25 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/02/14 19:35:56 | 00,000,000 | ---D | C] -- C:\Users\no name\Documents\save registre 14.02.09
[2009/02/14 18:54:44 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/14 18:54:43 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/14 18:54:41 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/14 18:54:40 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/14 18:54:40 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/14 18:54:39 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/14 18:54:39 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/14 18:54:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/14 18:54:38 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/14 18:54:20 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/14 18:54:20 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/14 18:54:18 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/14 18:54:18 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/14 18:54:18 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/13 18:58:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lights
[2009/02/12 02:44:39 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/02/12 02:44:38 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2009/02/12 02:44:38 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2009/02/12 02:44:38 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2009/02/12 02:44:38 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2009/02/11 21:12:26 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/02/11 21:03:56 | 00,000,000 | ---D | C] -- C:\Users\no name\AppData\Local\QuickPlay(189)
[2009/02/09 17:38:46 | 00,000,000 | ---D | C] -- C:\Users\no name\Desktop\film
[2009/02/05 15:05:14 | 00,000,000 | ---D | C] -- C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP
[2009/02/04 20:32:54 | 00,000,751 | ---- | C] () -- C:\Users\no name\Desktop\TroubleWitches.exe - Raccourci.lnk
[2009/02/04 16:16:55 | 00,000,000 | ---D | C] -- C:\Users\no name\AppData\Local\Seven Zip
[2009/01/31 16:38:22 | 00,000,000 | ---D | C] -- C:\divx
[2009/01/31 16:10:59 | 00,001,080 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/01/31 16:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/01/31 16:10:53 | 00,001,388 | ---- | C] () -- C:\Users\no name\Desktop\DivX Movies.lnk
[2009/01/31 16:10:53 | 00,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/01/30 11:56:29 | 00,000,000 | ---D | C] -- C:\Users\no name\Documents\fichiers du tuto le Muv
[2009/01/30 02:42:47 | 00,000,000 | ---D | C] -- C:\Users\no name\Documents\tout les fichiers du tutocyl installation
[2009/01/29 23:28:43 | 00,000,000 | ---D | C] -- C:\Users\no name\Documents\viewty
[2009/01/28 17:25:37 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/01/28 17:24:01 | 00,000,000 | ---D | C] -- C:\Program Files\LG PC Suite 2
[2009/01/28 04:01:09 | 00,000,000 | ---D | C] -- C:\Users\no name\AppData\Local\VMC
[2009/01/28 03:14:52 | 00,002,445 | ---- | C] () -- C:\Users\no name\Desktop\CYLManager.lnk
[2009/01/28 03:14:49 | 00,000,000 | ---D | C] -- C:\Program Files\VMC
[2009/01/28 02:44:46 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/01/28 02:44:45 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/01/28 02:44:43 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/01/28 02:44:43 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/01/28 02:44:43 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/01/28 02:44:43 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/01/28 02:44:39 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/01/28 02:44:25 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/01/28 02:39:02 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/01/28 02:38:50 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/01/28 02:38:50 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/01/28 02:38:32 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/01/28 02:38:25 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/01/27 12:19:09 | 00,000,000 | ---D | C] -- C:\lgupload
[2009/01/27 12:09:54 | 00,000,000 | ---D | C] -- C:\Users\no name\AppData\Roaming\LG Electronics
[2009/01/27 10:14:33 | 00,000,333 | ---- | C] () -- C:\Users\no name\Documents\Setting.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/20 06:25:28 | 00,057,339 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/02/20 05:45:46 | 00,057,339 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/02/20 05:45:30 | 00,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/02/20 05:45:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/20 05:45:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/20 05:44:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/20 05:44:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/20 05:42:53 | 04,097,412 | -H-- | M] () -- C:\Users\no name\AppData\Local\IconCache.db
[2009/02/20 04:11:37 | 00,002,445 | ---- | M] () -- C:\Users\no name\Desktop\CYLManager.lnk
[2009/02/20 02:10:02 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/20 02:10:02 | 00,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/02/20 02:10:02 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/20 02:10:02 | 00,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/02/20 02:10:02 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/19 18:06:02 | 00,000,333 | ---- | M] () -- C:\Users\no name\Documents\Setting.ini
[2009/02/19 13:10:46 | 00,032,256 | ---- | M] () -- C:\Users\no name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 10:39:14 | 00,008,390 | ---- | M] () -- C:\Windows\System32\hpasset.xml
[2009/02/19 10:26:10 | 00,008,390 | ---- | M] () -- C:\Windows\System32\hpasset.xml.bkp
[2009/02/19 07:33:11 | 00,000,772 | ---- | M] () -- C:\Users\no name\Desktop\Booster.exe - Raccourci.lnk
[2009/02/19 05:49:47 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Users\no name\Desktop\OTListIt2.exe
[2009/02/18 16:09:03 | 00,318,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/18 15:54:35 | 00,079,048 | ---- | M] () -- C:\Users\no name\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/17 13:27:54 | 00,292,080 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/02/17 12:19:27 | 00,000,680 | ---- | M] () -- C:\Users\no name\AppData\Local\d3d9caps.dat
[2009/02/16 09:15:43 | 00,006,160 | ---- | M] () -- C:\Users\no name\Documents\Mon thème favori.theme
[2009/02/14 20:31:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/12 02:50:11 | 02,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2009/02/12 02:47:58 | 02,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2009/02/12 02:47:37 | 02,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2009/02/12 02:44:39 | 03,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/02/12 02:44:39 | 02,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2009/02/05 00:41:24 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/02/04 20:32:54 | 00,000,751 | ---- | M] () -- C:\Users\no name\Desktop\TroubleWitches.exe - Raccourci.lnk
[2009/02/04 17:46:54 | 00,002,461 | ---- | M] () -- C:\Users\no name\Desktop\あけぶれ.lnk
** - C:\Users\no name\Desktop\????.lnk
[2009/01/31 16:11:00 | 00,001,388 | ---- | M] () -- C:\Users\no name\Desktop\DivX Movies.lnk
[2009/01/31 16:10:59 | 00,001,080 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/01/31 16:10:53 | 00,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/01/30 21:53:34 | 00,002,491 | ---- | M] () -- C:\Users\no name\Desktop\あけぶれコンフィグ.lnk
** - C:\Users\no name\Desktop\?????????.lnk
<End>

P.S.: OTListIt2 only gave me one report, not Extras.txt, and thank you for the time you devote to solving our problems...!!
John, la reine des pommes
 

Post by nickW » 20 Feb 2009, 23:28

Good evening,

"P.S.: OTListIt2 only gave me one report, not Extras.txt"

Normal and predictable, since you failed to follow the instructions on two counts! :wink: :twisted:

First, you were asked to run OTListIt2 only once. Yet you ran it 4 times:
OTListIt logfile created on: 20/02/2009 07:17:28 - Run 4

Second, there was a short sentence that you did not take into account:
"If not already done, in the Extra Registry section, select the Use SafeList radio button"


This infection got installed via a USB key because you had not disabled automatic launch ("Autorun") on insertion of these keys.
I suggest disabling it (for all drives).


Cleanup:

Step 1: No real-time monitoring processes
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Launch Spybot-S&D, Advanced mode, Tools, Resident, and clear the check box in front of TeaTimer. Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the PC cleanup is finished (I will tell you when and how to do it).


Step 2: OTMoveIt3 (by OldTimer)
Download OTMoveIt3 by right-clicking the link below:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Save the file to the Desktop.

Open a Notepad window via Start ----> All Programs ----> Accessories ----> Run, type notepad, then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien
:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec6138a-a4e3-11dd-8134-001eec7ba6db}]

:Files
C:\WINDOWS\system32\antinul.vbe

:Commands
[start explorer]
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file under the name OTMI-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: John, la reine des pommes.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
avast!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"
Windows Defender: Start ----> All Programs ----> Windows Defender; click "Tools", then "Options"; under "Real-time protection options", clear the "Use real-time protection (recommended)" check box, then click "Save"


Step 4: OTMoveIt3 (by OldTimer)
Right-click OTMoveIt3.exe and choose "Run as administrator" to launch the tool.
Open the file OTMI-1.txt in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved" and choose Paste.

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A restart is sometimes necessary. If it is requested, click Oui/Yes


Step 5: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 6: OTListIt2 (by OldTimer)
Close all open program windows.

Right-click OTListIt2.exe and choose "Run as administrator" to launch the tool.

The main OTListIt2 screen is displayed.

Check (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTListIt2 window.


Step 7: Results
Send in reply:
*- the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive stands for the partition from which OTMoveIt3 was launched, generally C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTListIt2 report (contents of the file OTListIt.txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
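Added example (not part of nickW's post and not code from OldTimer's tools): a Python sketch of the two checks the reply above relies on, reading the O33 MountPoints2 lines of an OTListIt2 report and decoding a NoDriveTypeAutoRun value. The sample lines are copied from the report in this thread; the function names, the script-host list and the 0x91 comparison value are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTListIt2 report posted in this thread.
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ec6138a-a4e3-11dd-8134-001eec7ba6db}\Shell\AutoRun\command - "" = wscript.exe antinul.vbe
O33 - MountPoints2\{0ec6138a-a4e3-11dd-8134-001eec7ba6db}\Shell\open\Command - "" = wscript.exe antinul.vbe
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell - "" = AutoRun
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell\AutoRun\command - "" = G:\DB.exe -- File not found
'''

# O33 - MountPoints2\<volume>\<subkey> - "<value name>" = <data>
O33_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\(\S+) - "([^"]*)" = (.*)$')
MISSING_SUFFIX = " -- File not found"      # suffix seen in the report above
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}  # assumed list
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")                  # assumed list
DRIVE_ROOT_RE = re.compile(r'^[A-Za-z]:\\[^\\]+$')

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
NODRIVETYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cd-rom",
    0x40: "ram disk",
    0x80: "reserved",
}


@dataclass
class Finding:
    volume: str
    subkey: str
    command: str
    reasons: list


def scan_o33(log_text):
    """Return the MountPoints2 launch commands that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        volume, subkey, _name, data = m.groups()
        # Only ...\command values are executed; "Shell = AutoRun" just picks the verb.
        if not subkey.lower().endswith("\\command"):
            continue
        missing = data.endswith(MISSING_SUFFIX)
        command = data[:-len(MISSING_SUFFIX)] if missing else data
        tokens = command.split()
        if not tokens:
            continue
        reasons = []
        program = tokens[0].lower().rsplit("\\", 1)[-1]
        if program in SCRIPT_HOSTS:
            reasons.append("script host")
        if any(t.lower().endswith(SCRIPT_EXTS) for t in tokens[1:]):
            reasons.append("script file argument")
        if missing:
            reasons.append("target missing")
        if DRIVE_ROOT_RE.match(tokens[0]):
            reasons.append("runs from drive root")
        if reasons:
            findings.append(Finding(volume, subkey, command, reasons))
    return findings


def volumes_to_review(log_text):
    """Volume GUIDs whose MountPoints2 key carries at least one flagged command."""
    return sorted({f.volume for f in scan_o33(log_text)})


def parse_reg_dword(text):
    """Convert a .reg style value such as 'dword:000000ff' to an integer."""
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', text.strip())
    if not m:
        raise ValueError(f"not a dword value: {text!r}")
    return int(m.group(1), 16)


def disabled_drive_types(value):
    """Drive types for which this NoDriveTypeAutoRun value turns AutoRun off."""
    return [name for bit, name in NODRIVETYPE_BITS.items() if value & bit]


if __name__ == "__main__":
    for f in scan_o33(SAMPLE_LOG):
        print(f.volume, f.subkey, "->", f.command, f.reasons)
    for raw in ("dword:000000ff", "dword:00000091"):   # 0x91: comparison value
        print(raw, "disables AutoRun for:", disabled_drive_types(parse_reg_dword(raw)))
```

With the value 000000ff used in the :Reg section, every bit is set, so removable drives are covered; with the 0x91 comparison value the removable bit (0x04) is clear.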

OTMoveit3 report followed by the OTListIT report

Post by John, la reine des pommes » 23 Feb 2009, 18:32

Hello, sorry for the late reply, but I was waiting for an e-mail from HP about my problem with the touch-sensitive keys. I told them about "Allez au travail! Arretez de surfer!"; they replied that it was not covered by my computer's warranty but that I could do a system restore, which I did not do... Also, I needed a printer for the steps, just in case!

Here is the OTMoveit3 report:

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec6138a-a4e3-11dd-8134-001eec7ba6db}\\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\antinul.vbe not found.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\Users\ERIC-Y~1\AppData\Local\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\ERIC-Y~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\ERIC-Y~1\AppData\Local\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\ERIC-Y~1\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02232009_180057

Files moved on Reboot...
C:\Users\ERIC-Y~1\AppData\Local\Temp\History\History.IE5\index.dat moved successfully.
C:\Users\ERIC-Y~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat moved successfully.
C:\Users\ERIC-Y~1\AppData\Local\Temp\Cookies\index.dat moved successfully.
C:\Users\ERIC-Y~1\AppData\Local\Temp\ehmsas.txt moved successfully.



Followed by the OTListIT report:

OTListIt logfile created on: 23/02/2009 18:10:47 - Run 5
OTListIt2 by OldTimer - Version 2.0.0.18 Folder = C:\Users\ERIC-YANN\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,71 Gb Total Space | 145,23 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
Drive D: | 9,17 Gb Total Space | 1,09 Gb Free Space | 11,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-JOHN
Current User Name: ERIC-YANN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/14 03:09:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/06/27 19:43:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
PRC - [2008/08/07 13:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Hpservice.exe
PRC - [2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/02/12 21:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
PRC - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/26 13:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/04/23 23:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/23 23:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/03/26 14:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/09 10:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/21 03:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/11/20 06:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/06/27 19:42:08 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/18 04:59:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/11/01 17:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2008/01/21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/01/21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/09/26 05:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/04/11 08:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/02/19 05:49:47 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/02/12 21:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2008/02/03 11:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc [Auto | Running])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/24 00:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/08/07 13:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2008/02/26 13:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/14 03:09:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/23 23:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
SRV - [2008/04/23 23:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
SRV - [2008/03/26 14:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2007/01/09 10:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/06/27 19:43:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/07 13:31:52 | 00,034,608 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/01/21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Boot | Running])
DRV - [2008/01/21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Boot | Running])
DRV - [2008/01/21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Boot | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Boot | Running])
DRV - [2008/01/21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Boot | Running])
DRV - [2008/01/21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Boot | Running])
DRV - [2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 18:17:15 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 08:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Stopped])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Boot | Running])
DRV - [2008/01/21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Boot | Running])
DRV - [2008/01/24 14:23:12 | 00,052,736 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\system32\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/10/23 11:42:30 | 00,031,899 | ---- | M] (Compuware Corporation) -- C:\Windows\system32\drivers\hid8101.SYS -- (hid8101 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Boot | Running])
DRV - [2008/08/07 13:42:12 | 00,025,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 16:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Stopped])
DRV - [2007/07/11 09:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqRemHid.sys -- (HpqRemHid [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS -- (HSF_DPV [On_Demand | Stopped])
DRV - [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Boot | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Boot | Running])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2008/04/11 18:55:04 | 00,084,240 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\system32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Boot | Running])
DRV - [2008/01/21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Boot | Running])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Boot | Running])
DRV - [2008/11/17 15:40:22 | 03,668,480 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Boot | Running])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [On_Demand | Stopped])
DRV - [2006/11/02 08:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2008/05/14 03:09:00 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
DRV - [2008/05/14 03:09:00 | 07,443,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Boot | Running])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Boot | Running])
DRV - [2008/04/15 11:05:08 | 00,118,784 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Boot | Running])
DRV - [2008/11/06 19:16:47 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/06/27 19:44:18 | 00,380,928 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Boot | Running])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Boot | Running])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Boot | Running])
DRV - [2008/03/28 01:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Boot | Running])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
DRV - [2007/07/11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/07/11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/07/11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/01/21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTCNXT3.SYS -- (winachsf [On_Demand | Stopped])
DRV - [2008/04/23 23:50:26 | 00,039,408 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\S-1-5-21-2320549619-1885473631-1023167558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (292080 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10058 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Espace de noms Bluetooth] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 23:27:26 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell - "" = AutoRun
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell\AutoRun\command - "" = G:\DB.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/23 18:00:57 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/23 17:49:20 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTMoveIt3.exe
[2009/02/23 17:14:41 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\sqirlz pr Muv du viewty
[2009/02/22 20:01:36 | 00,134,208 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\crique_coca_cola.rar
[2009/02/21 12:28:28 | 00,160,723 | ---- | C] () -- C:\Windows\Sqirlz Water Reflections Uninstaller.exe
[2009/02/21 12:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\Sqirlz Water Reflections
[2009/02/21 05:28:14 | 09,999,142 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\backdoorandshoot.photosguyane.rar
[2009/02/21 03:49:40 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\wintemp
[2009/02/20 22:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\NFO viewer
[2009/02/19 16:11:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/19 07:33:11 | 00,000,772 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\Booster.exe - Raccourci.lnk
[2009/02/19 05:49:33 | 00,494,592 | ---- | C] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTListIt2.exe
[2009/02/19 05:45:45 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Desktop\assiste.com
[2009/02/18 04:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/02/17 07:15:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/17 07:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/16 02:05:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/15 08:43:03 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\tuto vista
[2009/02/15 04:56:43 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/15 04:56:43 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/02/15 04:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/15 04:55:25 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/02/14 19:35:56 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\save registre 14.02.09
[2009/02/14 18:54:44 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/14 18:54:43 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/14 18:54:41 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/14 18:54:40 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/14 18:54:40 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/14 18:54:39 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/14 18:54:39 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/14 18:54:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/14 18:54:38 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/14 18:54:20 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/14 18:54:20 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/14 18:54:18 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/14 18:54:18 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/14 18:54:18 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/13 18:58:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lights
[2009/02/12 02:44:39 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/02/12 02:44:38 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2009/02/12 02:44:38 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2009/02/12 02:44:38 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2009/02/12 02:44:38 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2009/02/11 21:12:26 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/02/11 21:03:56 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Local\QuickPlay(189)
[2009/02/09 17:38:46 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Desktop\film
[2009/02/05 15:05:14 | 00,000,000 | ---D | C] -- C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP
[2009/02/04 20:32:54 | 00,000,751 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\TroubleWitches.exe - Raccourci.lnk
[2009/02/04 16:16:55 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Local\Seven Zip
[2009/01/31 16:38:22 | 00,000,000 | ---D | C] -- C:\divx
[2009/01/31 16:10:59 | 00,001,080 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/01/31 16:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/01/31 16:10:53 | 00,001,388 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\DivX Movies.lnk
[2009/01/31 16:10:53 | 00,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/01/30 11:56:29 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\fichiers du tuto le Muv
[2009/01/30 02:42:47 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\tout les fichiers du tutocyl installation
[2009/01/29 23:28:43 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\viewty
[2009/01/28 17:25:37 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/01/28 17:24:01 | 00,000,000 | ---D | C] -- C:\Program Files\LG PC Suite 2
[2009/01/28 04:01:09 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Local\VMC
[2009/01/28 03:14:52 | 00,002,445 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\CYLManager.lnk
[2009/01/28 03:14:49 | 00,000,000 | ---D | C] -- C:\Program Files\VMC
[2009/01/28 02:44:46 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/01/28 02:44:45 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/01/28 02:44:43 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/01/28 02:44:43 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/01/28 02:44:43 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/01/28 02:44:43 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/01/28 02:44:39 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/01/28 02:44:25 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/01/28 02:39:02 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/01/28 02:38:50 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/01/28 02:38:50 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/01/28 02:38:32 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/01/28 02:38:25 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/01/27 12:19:09 | 00,000,000 | ---D | C] -- C:\lgupload
[2009/01/27 12:09:54 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Roaming\LG Electronics
[2009/01/27 10:14:33 | 00,000,316 | ---- | C] () -- C:\Users\ERIC-YANN\Documents\Setting.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/23 18:05:36 | 00,057,339 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/02/23 18:05:35 | 00,079,048 | ---- | M] () -- C:\Users\ERIC-YANN\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/23 18:04:09 | 00,057,339 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/02/23 18:04:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/23 18:04:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/23 18:03:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/23 18:03:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/23 18:02:00 | 04,076,556 | -H-- | M] () -- C:\Users\ERIC-YANN\AppData\Local\IconCache.db
[2009/02/23 17:49:32 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTMoveIt3.exe
[2009/02/23 17:44:19 | 00,006,188 | ---- | M] () -- C:\Users\ERIC-YANN\Documents\Mon thème favori.theme
[2009/02/22 20:01:37 | 00,134,208 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\crique_coca_cola.rar
[2009/02/22 08:39:37 | 00,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/02/21 12:28:28 | 00,160,723 | ---- | M] () -- C:\Windows\Sqirlz Water Reflections Uninstaller.exe
[2009/02/21 09:28:26 | 00,318,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/21 05:37:36 | 09,999,142 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\backdoorandshoot.photosguyane.rar
[2009/02/21 00:00:48 | 00,000,316 | ---- | M] () -- C:\Users\ERIC-YANN\Documents\Setting.ini
[2009/02/20 22:52:55 | 00,002,445 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\CYLManager.lnk
[2009/02/20 02:10:02 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/20 02:10:02 | 00,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/02/20 02:10:02 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/20 02:10:02 | 00,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/02/20 02:10:02 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/19 13:10:46 | 00,032,256 | ---- | M] () -- C:\Users\ERIC-YANN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 10:39:14 | 00,008,390 | ---- | M] () -- C:\Windows\System32\hpasset.xml
[2009/02/19 10:26:10 | 00,008,390 | ---- | M] () -- C:\Windows\System32\hpasset.xml.bkp
[2009/02/19 07:33:11 | 00,000,772 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\Booster.exe - Raccourci.lnk
[2009/02/19 05:49:47 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTListIt2.exe
[2009/02/17 13:27:54 | 00,292,080 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/02/17 12:19:27 | 00,000,680 | ---- | M] () -- C:\Users\ERIC-YANN\AppData\Local\d3d9caps.dat
[2009/02/14 20:31:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/12 02:50:11 | 02,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2009/02/12 02:47:58 | 02,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2009/02/12 02:47:37 | 02,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2009/02/12 02:44:39 | 03,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/02/12 02:44:39 | 02,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2009/02/05 00:41:24 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/02/04 20:32:54 | 00,000,751 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\TroubleWitches.exe - Raccourci.lnk
[2009/02/04 17:46:54 | 00,002,461 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\あけぶれ.lnk
** - C:\Users\ERIC-YANN\Desktop\????.lnk
[2009/01/31 16:11:00 | 00,001,388 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\DivX Movies.lnk
[2009/01/31 16:10:59 | 00,001,080 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/01/31 16:10:53 | 00,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/01/30 21:53:34 | 00,002,491 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\あけぶれコンフィグ.lnk
** - C:\Users\ERIC-YANN\Desktop\?????????.lnk
<End>


OTListIt logfile created on: 23/02/2009 18:10:47 - Run 5
OTListIt2 by OldTimer - Version 2.0.0.18 Folder = C:\Users\ERIC-YANN\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,71 Gb Total Space | 145,23 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
Drive D: | 9,17 Gb Total Space | 1,09 Gb Free Space | 11,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-JOHN
Current User Name: ERIC-YANN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/14 03:09:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/06/27 19:43:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
PRC - [2008/08/07 13:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Hpservice.exe
PRC - [2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/02/12 21:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
PRC - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/26 13:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/04/23 23:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/23 23:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/03/26 14:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/09 10:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/21 03:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/11/20 06:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/06/27 19:42:08 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/18 04:59:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/11/01 17:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2008/01/21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/01/21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/09/26 05:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/04/11 08:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/02/19 05:49:47 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/02/12 21:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2008/02/03 11:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc [Auto | Running])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/24 00:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/08/07 13:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2008/02/26 13:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/14 03:09:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/23 23:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
SRV - [2008/04/23 23:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
SRV - [2008/03/26 14:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2007/01/09 10:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/06/27 19:43:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/07 13:31:52 | 00,034,608 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/01/21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Boot | Running])
DRV - [2008/01/21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Boot | Running])
DRV - [2008/01/21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Boot | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Boot | Running])
DRV - [2008/01/21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Boot | Running])
DRV - [2008/01/21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Boot | Running])
DRV - [2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 18:17:15 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 08:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Stopped])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\dr
John, la reine des pommes
 
Posts: 16
Joined: 18 Feb 2009, 13:29

continued

Post by John, la reine des pommes » 23 Feb 2009, 18:42

DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Boot | Running])
DRV - [2008/01/21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Boot | Running])
DRV - [2008/01/24 14:23:12 | 00,052,736 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\system32\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/10/23 11:42:30 | 00,031,899 | ---- | M] (Compuware Corporation) -- C:\Windows\system32\drivers\hid8101.SYS -- (hid8101 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Boot | Running])
DRV - [2008/08/07 13:42:12 | 00,025,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 16:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Stopped])
DRV - [2007/07/11 09:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqRemHid.sys -- (HpqRemHid [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2008/01/21 03:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS -- (HSF_DPV [On_Demand | Stopped])
DRV - [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Boot | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Boot | Running])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2008/04/11 18:55:04 | 00,084,240 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\system32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Boot | Running])
DRV - [2008/01/21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Boot | Running])
DRV - [2008/01/21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Boot | Running])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Boot | Running])
DRV - [2008/11/17 15:40:22 | 03,668,480 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Boot | Running])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [On_Demand | Stopped])
DRV - [2006/11/02 08:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2008/05/14 03:09:00 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
DRV - [2008/05/14 03:09:00 | 07,443,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Boot | Running])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Boot | Running])
DRV - [2008/04/15 11:05:08 | 00,118,784 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Boot | Running])
DRV - [2008/11/06 19:16:47 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/06/27 19:44:18 | 00,380,928 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Boot | Running])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Boot | Running])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Boot | Running])
DRV - [2008/03/28 01:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Boot | Running])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
DRV - [2007/07/11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/07/11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/07/11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/01/21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
DRV - [2008/01/21 03:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTCNXT3.SYS -- (winachsf [On_Demand | Stopped])
DRV - [2008/04/23 23:50:26 | 00,039,408 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\S-1-5-21-2320549619-1885473631-1023167558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (292080 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10058 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Espace de noms Bluetooth] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2320549619-1885473631-1023167558-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/09 23:27:26 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell - "" = AutoRun
O33 - MountPoints2\{7ebd74d8-ac2f-11dd-a603-001eec7ba6db}\Shell\AutoRun\command - "" = G:\DB.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/23 18:00:57 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/23 17:49:20 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTMoveIt3.exe
[2009/02/23 17:14:41 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\sqirlz pr Muv du viewty
[2009/02/22 20:01:36 | 00,134,208 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\crique_coca_cola.rar
[2009/02/21 12:28:28 | 00,160,723 | ---- | C] () -- C:\Windows\Sqirlz Water Reflections Uninstaller.exe
[2009/02/21 12:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\Sqirlz Water Reflections
[2009/02/21 05:28:14 | 09,999,142 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\backdoorandshoot.photosguyane.rar
[2009/02/21 03:49:40 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\wintemp
[2009/02/20 22:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\NFO viewer
[2009/02/19 16:11:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/19 07:33:11 | 00,000,772 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\Booster.exe - Raccourci.lnk
[2009/02/19 05:49:33 | 00,494,592 | ---- | C] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTListIt2.exe
[2009/02/19 05:45:45 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Desktop\assiste.com
[2009/02/18 04:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/02/17 07:15:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/17 07:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/16 02:05:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/15 08:43:03 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\tuto vista
[2009/02/15 04:56:43 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/15 04:56:43 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/02/15 04:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/15 04:55:25 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/02/14 19:35:56 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\save registre 14.02.09
[2009/02/14 18:54:44 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/14 18:54:43 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/14 18:54:41 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/14 18:54:40 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/14 18:54:40 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/14 18:54:39 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/14 18:54:39 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/14 18:54:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/14 18:54:38 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/14 18:54:20 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/14 18:54:20 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/14 18:54:18 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/14 18:54:18 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/14 18:54:18 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/13 18:58:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lights
[2009/02/12 02:44:39 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/02/12 02:44:38 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2009/02/12 02:44:38 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2009/02/12 02:44:38 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2009/02/12 02:44:38 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2009/02/11 21:12:26 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/02/11 21:03:56 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Local\QuickPlay(189)
[2009/02/09 17:38:46 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Desktop\film
[2009/02/05 15:05:14 | 00,000,000 | ---D | C] -- C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP
[2009/02/04 20:32:54 | 00,000,751 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\TroubleWitches.exe - Raccourci.lnk
[2009/02/04 16:16:55 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Local\Seven Zip
[2009/01/31 16:38:22 | 00,000,000 | ---D | C] -- C:\divx
[2009/01/31 16:10:59 | 00,001,080 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/01/31 16:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/01/31 16:10:53 | 00,001,388 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\DivX Movies.lnk
[2009/01/31 16:10:53 | 00,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/01/30 11:56:29 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\fichiers du tuto le Muv
[2009/01/30 02:42:47 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\tout les fichiers du tutocyl installation
[2009/01/29 23:28:43 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\Documents\viewty
[2009/01/28 17:25:37 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/01/28 17:24:01 | 00,000,000 | ---D | C] -- C:\Program Files\LG PC Suite 2
[2009/01/28 04:01:09 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Local\VMC
[2009/01/28 03:14:52 | 00,002,445 | ---- | C] () -- C:\Users\ERIC-YANN\Desktop\CYLManager.lnk
[2009/01/28 03:14:49 | 00,000,000 | ---D | C] -- C:\Program Files\VMC
[2009/01/28 02:44:46 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/01/28 02:44:45 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/01/28 02:44:43 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/01/28 02:44:43 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/01/28 02:44:43 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/01/28 02:44:43 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/01/28 02:44:39 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/01/28 02:44:25 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/01/28 02:39:02 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/01/28 02:38:50 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/01/28 02:38:50 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/01/28 02:38:32 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/01/28 02:38:25 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/01/27 12:19:09 | 00,000,000 | ---D | C] -- C:\lgupload
[2009/01/27 12:09:54 | 00,000,000 | ---D | C] -- C:\Users\ERIC-YANN\AppData\Roaming\LG Electronics
[2009/01/27 10:14:33 | 00,000,316 | ---- | C] () -- C:\Users\ERIC-YANN\Documents\Setting.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/23 18:05:36 | 00,057,339 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/02/23 18:05:35 | 00,079,048 | ---- | M] () -- C:\Users\ERIC-YANN\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/23 18:04:09 | 00,057,339 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/02/23 18:04:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/23 18:04:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/23 18:03:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/23 18:03:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/23 18:02:00 | 04,076,556 | -H-- | M] () -- C:\Users\ERIC-YANN\AppData\Local\IconCache.db
[2009/02/23 17:49:32 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTMoveIt3.exe
[2009/02/23 17:44:19 | 00,006,188 | ---- | M] () -- C:\Users\ERIC-YANN\Documents\Mon thème favori.theme
[2009/02/22 20:01:37 | 00,134,208 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\crique_coca_cola.rar
[2009/02/22 08:39:37 | 00,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/02/21 12:28:28 | 00,160,723 | ---- | M] () -- C:\Windows\Sqirlz Water Reflections Uninstaller.exe
[2009/02/21 09:28:26 | 00,318,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/21 05:37:36 | 09,999,142 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\backdoorandshoot.photosguyane.rar
[2009/02/21 00:00:48 | 00,000,316 | ---- | M] () -- C:\Users\ERIC-YANN\Documents\Setting.ini
[2009/02/20 22:52:55 | 00,002,445 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\CYLManager.lnk
[2009/02/20 02:10:02 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/20 02:10:02 | 00,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/02/20 02:10:02 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/20 02:10:02 | 00,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/02/20 02:10:02 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/19 13:10:46 | 00,032,256 | ---- | M] () -- C:\Users\ERIC-YANN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 10:39:14 | 00,008,390 | ---- | M] () -- C:\Windows\System32\hpasset.xml
[2009/02/19 10:26:10 | 00,008,390 | ---- | M] () -- C:\Windows\System32\hpasset.xml.bkp
[2009/02/19 07:33:11 | 00,000,772 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\Booster.exe - Raccourci.lnk
[2009/02/19 05:49:47 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Users\ERIC-YANN\Desktop\OTListIt2.exe
[2009/02/17 13:27:54 | 00,292,080 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/02/17 12:19:27 | 00,000,680 | ---- | M] () -- C:\Users\ERIC-YANN\AppData\Local\d3d9caps.dat
[2009/02/14 20:31:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/12 02:50:11 | 02,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2009/02/12 02:47:58 | 02,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2009/02/12 02:47:37 | 02,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2009/02/12 02:44:39 | 03,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/02/12 02:44:39 | 02,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2009/02/05 00:41:24 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/02/04 20:32:54 | 00,000,751 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\TroubleWitches.exe - Raccourci.lnk
[2009/02/04 17:46:54 | 00,002,461 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\あけぶれ.lnk
** - C:\Users\ERIC-YANN\Desktop\????.lnk
[2009/01/31 16:11:00 | 00,001,388 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\DivX Movies.lnk
[2009/01/31 16:10:59 | 00,001,080 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/01/31 16:10:53 | 00,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/01/30 21:53:34 | 00,002,491 | ---- | M] () -- C:\Users\ERIC-YANN\Desktop\あけぶれコンフィグ.lnk
** - C:\Users\ERIC-YANN\Desktop\?????????.lnk
<End>


There you go; hoping I haven't made any mistakes this time, I look forward to hearing from you.
John, la reine des pommes

Posts: 16
Joined: 18 Feb 2009, 13:29

Post by nickW » 24 Feb 2009, 01:34

Good evening,

How is the PC behaving?


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

In reply.

Post by John, la reine des pommes » 24 Feb 2009, 06:42

Hello, apparently the computer is fine; I haven't noticed anything odd so far. I opened an Internet Explorer page in offline mode (I don't want to take any risks), and it tells me: "Internet Explorer ne peut afficher cette page web - Au travail...", so I searched the registry for the phrase "Allez au travail...". It still appears in the registry at this location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, where there is a file named: ab Window Title Type: REG_SZ Data: Au travail !Arrêtez de surfer!".

My Windows Defender icon still has an exclamation mark; the security system tells me it is faulty and it is still not possible to update it, unless it already is up to date. Perhaps this has nothing to do with the "Allez au travail..." problem???

That is all I know or have been able to see. Looking forward to hearing from you, I wish you a good day!

P.S.: You have surely noticed in the reports some files named backdoorandshoot... this is not related to the virus, it is just my username on a tuning site for my phone, and it relates to basketball, an offensive move, "cut behind the defense's back, catch, shoot..." I want to make this clear so that there is no confusion!
John, la reine des pommes

Posts: 16
Joined: 18 Feb 2009, 13:29

Post by nickW » 25 Feb 2009, 00:07

Good evening,

One more small cleanup:

Step 1: OTMoveIt3 (by OldTimer)
Open a Notepad window via Start---->All Programs---->Accessories---->Run, type notepad, then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien
:Processes
explorer.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"=-

:Commands
[start explorer]
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name OTMI-2.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: John, la reine des pommes.
If you are not THIS user, do not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
avast!: right-click the icon in the system tray (next to the clock), then "Stop the resident protection"
Windows Defender: Start---->All Programs---->Windows Defender; click "Tools", then "Options"; under "Real-time protection options", clear the checkbox "Use real-time protection (recommended)", then click "Save"


Step 3: OTMoveIt3 (by OldTimer)
Right-click OTMoveIt3.exe, then choose "Run as administrator" to launch the tool.
Open the file OTMI-2.txt in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved" and choose Paste.

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A restart is sometimes necessary. If one is requested, click Oui/Yes


Step 4: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 5: Results
Send in your reply:
*- the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive stands for the partition from which OTMoveIt3 was launched, usually C:]



As for Windows Defender, I don't use it, but I found this:

How to troubleshoot definition update issues for Windows Defender
http://support.microsoft.com/kb/918355/


How to manually download the latest definition updates for Windows Defender
http://support.microsoft.com/kb/923159/

To be continued,
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

OTMoveIt3 report from the new cleanup

Post by John, la reine des pommes » 25 Feb 2009, 14:05

Hello, here is the report you asked me for:

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title deleted successfully.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\Users\ERIC-Y~1\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02252009_133340

Files moved on Reboot...
C:\Users\ERIC-Y~1\AppData\Local\Temp\ehmsas.txt moved successfully.


It no longer appears in the registry, it's spotless, and when I open a page with Internet Explorer, that bad joke is gone, thank you very much!!... Note that I also deleted all the registry backups I had, as well as the restore points.

Looking forward to hearing from you, I want to thank you again and wish you a good evening.

P.S.: Regarding the links you suggested yesterday about Windows Defender, I had seen them, but I am waiting until there are new definitions to see whether Windows Update and Defender work...
John, la reine des pommes

Posts: 16
Joined: 18 Feb 2009, 13:29
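
The comparison a helper makes by eye between the fix script and the report above, written out as an added Python example (not part of the thread and not OldTimer's code). The script and report text are copied from the posts above, with the report shortened; the function names are hypothetical, and the report line formats are assumed to be exactly those quoted in this thread.

```python
import re

# Fix script and report as posted in this thread (report shortened).
SCRIPT = r"""rien
:Processes
explorer.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"=-

:Commands
[start explorer]
[emptytemp]
"""

REPORT = r"""Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title deleted successfully.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\Users\ERIC-Y~1\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
User's Temp folder emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02252009_133340

Files moved on Reboot...
C:\Users\ERIC-Y~1\AppData\Local\Temp\ehmsas.txt moved successfully.
"""

# Line formats, assumed from the report lines quoted in the thread.
UNINTERPRETED = re.compile(r"Error: Unable to interpret <(.*)> in the current context!")
REG_DELETED = re.compile(r"Registry value (.+?)\\\\(.+) deleted successfully\.")
KILLED = re.compile(r"Process (.+) killed successfully\.")
PENDING = re.compile(r"File delete failed\. (.+) scheduled to be deleted on reboot\.")
MOVED = re.compile(r"(.+) moved successfully\.")


def parse_script(text):
    """Collect requested process kills, registry value deletions and stray lines."""
    section, key = None, None
    stray, reg_deletes, processes = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # section header such as :Reg
            section, key = line[1:].lower(), None
        elif section is None:                 # text before any section header
            stray.append(line)
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            else:
                m = re.fullmatch(r'"(.+)"=-', line)   # .reg syntax: delete this value
                if m and key:
                    reg_deletes.append((key, m.group(1)))
        elif section == "processes":
            processes.append(line)
    return {"stray": stray, "reg_deletes": reg_deletes, "processes": processes}


def parse_report(text):
    """Extract what the report says was done, lower-cased for comparison."""
    out = {"uninterpreted": [], "reg_deleted": set(), "killed": set(),
           "pending": set(), "moved": set()}
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files moved on Reboot"):
            after_reboot = True
        elif (m := UNINTERPRETED.fullmatch(line)):
            out["uninterpreted"].append(m.group(1))
        elif (m := REG_DELETED.fullmatch(line)):
            out["reg_deleted"].add((m.group(1).lower(), m.group(2).lower()))
        elif (m := KILLED.fullmatch(line)):
            out["killed"].add(m.group(1).lower())
        elif (m := PENDING.fullmatch(line)):
            out["pending"].add(m.group(1).lower())
        elif after_reboot and (m := MOVED.fullmatch(line)):
            out["moved"].add(m.group(1).lower())
    return out


def reconcile(script_text, report_text):
    """Return everything the script asked for that the report does not confirm."""
    s, r = parse_script(script_text), parse_report(report_text)
    return {
        "ignored_lines": [l for l in s["stray"] if l in r["uninterpreted"]],
        "reg_not_confirmed": [d for d in s["reg_deletes"]
                              if (d[0].lower(), d[1].lower()) not in r["reg_deleted"]],
        "processes_not_killed": [p for p in s["processes"]
                                 if p.lower() not in r["killed"]],
        # Locked files queued for reboot that never appear as moved afterwards.
        "still_pending": sorted(r["pending"] - r["moved"]),
    }


if __name__ == "__main__":
    for name, items in reconcile(SCRIPT, REPORT).items():
        print(f"{name}: {items}")
```
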

Re: OTMoveIt3 report from the new cleanup

Post by John, la reine des pommes » 25 Feb 2009, 18:10

P.S.: Regarding the links you suggested yesterday about Windows Defender, I had seen them, but I am waiting until there are new definitions to see whether Windows Update and Defender work... By the way, I forgot to tell you that when I installed various updates around 14 February there was one dating from April 2008 (Security update for ActiveX kill bits for Windows Vista KB948881); I find that odd for an update, since most of them so far had been recent...
John, la reine des pommes

Posts: 16
Joined: 18 Feb 2009, 13:29

Post by nickW » 26 Feb 2009, 01:29

Good evening,

If the PC no longer shows any symptoms of infection, here is some additional advice (hardening & optimization) to apply:

An important piece of advice:
You must create a new system restore point.
After cleaning the PC, create a new restore point that can be used if a problem occurs.
See this tutorial, section "Create a restore point". Thanks to libellules.ch


A piece of advice:
Avast! is no longer a good antivirus (at least in its free version)!
The antivirus software Avira Antivir Personal is currently far more "reactive" to new threats than avast!
A French version is available.
See:
http://assiste.com.free.fr/p/logitheque/antivir.html
http://www.free-av.com/fr/products/1/av ... virus.html
Download: http://www.free-av.com/en/download/download_servers.php
Also read this article and this other article by Malekal_morte
Overview on libellules.ch: http://www.libellules.ch/tuto_antivir.php


A piece of advice:
Remember to keep software up to date.
Adobe Reader 9: http://www.adobe.com/fr/products/reader/
Note:
There is another program for reading PDF files, much lighter on resources, and free:
Foxit Reader: http://www.foxitsoftware.com/pdf/rd_intro.php
Note: Decline the installation of the Foxit Toolbar (= Ask Toolbar)
Note: a major security vulnerability was recently discovered in Adobe Reader versions 8.1.2 and earlier.


A piece of advice:
It is possible to lighten the startup procedure and free up some system resources.
Some programs are considered "unnecessary at startup": they are launched at every system startup (even if you never use them), they stay active, and they consume system resources.
It is essential to consult the startup list (programs launched at startup) compiled by Pacman (Paul Collins) before deciding whether to keep them at startup or not. See HERE.
Downloadable version (right-click the link): http://assiste.com.free.fr/ftp/Startups-vf.chm
Note: The site is not up to date; use the downloadable version.
The following fall into this category:

Adobe Reader Speed Launcher
HP Software Update--->automatic update: better to do it yourself
QuickTime Task
SunJavaUpdateSched--->automatic update: better to do it yourself

You can use Spybot-S&D (in Tools---->System Startup) to uncheck the lines for the programs whose automatic launch at each system startup you want to remove (unless the Pacman list gives specific instructions otherwise).
If you later regret it, you only need to check those lines again.


A piece of advice:
It is preferable to delete OTListIt2 (the downloaded file OTListIt2.exe and the result files OTListIt.txt and Extras.txt located on the Desktop).
It is preferable to delete OTMoveIt3 (the downloaded file OTMoveIt3.exe located on the Desktop and the working file(s) OTMI-*.txt).
Note: The Drive\_OTMoveIt folder contains backups. After checking that all the software on the PC works correctly, this folder can be deleted.
Empty the quarantines of the antivirus and the anti-spyware.


A piece of advice:
Re-enable Spybot-S&D's TeaTimer using the method below:
Note: [SystemDrive is the partition on which the system is installed, usually C:]
  • Delete all the Registry snapshots created by Spybot-S&D's TeaTimer
    Using Windows Explorer, go to the folder:
    SystemDrive\ProgramData\Spybot - Search & Destroy\Snapshots2
    Put all the files found there into an archive (.zip file) to back them up, then delete all those files (keep only the backup archive).
  • Restart Spybot-S&D's TeaTimer.
    Using Windows Explorer, go to the Spybot-S&D installation folder, by default SystemDrive\Program Files\Spybot - Search & Destroy.
    Double-click TeaTimer.exe to launch it.
  • Stop Spybot-S&D's TeaTimer so that new Registry snapshots are recorded.
    In the system tray (next to the clock), right-click the Spybot-SD Resident icon, then choose Exit Spybot-S&D Resident.
    During this shutdown procedure, the Registry snapshots created by Spybot-S&D's TeaTimer are saved.
  • Restart Spybot-S&D's TeaTimer.
    Using Windows Explorer, go to the Spybot-S&D installation folder, by default SystemDrive\Program Files\Spybot - Search & Destroy.
    Double-click TeaTimer.exe to launch it.
  • Re-enable the automatic launch of TeaTimer.
    Launch Spybot-S&D, Advanced mode, Tools, Resident, check the box in front of TeaTimer. Close Spybot-S&D.




Voilì, voilò, voilà.

Bye,

PS:
If you consider this topic closed, could you put [OK] in front of the title of the first post. See HERE.
Thanks.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
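
The startup review nickW describes, as an added PowerShell example that is not part of the thread: it lists the entries in the standard Windows Run keys and flags the four programs named in the post. It assumes those names are the Run-key value names, and it only reads the registry; the function name Get-RunKeyEntry is hypothetical.

```powershell
# Added example (not from the thread): read-only listing of Run-key startup
# entries, flagging the four programs the post calls unnecessary at startup.
# Assumption: the names in the post match the registry value names.
$reviewNames = @(
    'Adobe Reader Speed Launcher',
    'HP Software Update',
    'QuickTime Task',
    'SunJavaUpdateSched'
)

# Standard per-machine and per-user autorun locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunKeyEntry {
    param([string[]]$KeyPath, [string[]]$Review)
    foreach ($path in $KeyPath) {
        # The Wow6432Node key only exists on 64-bit Windows.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the unnamed default value
            New-Object PSObject -Property @{
                Key     = $path
                Name    = $name
                # Show the command as stored, without expanding %variables%.
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                Review  = ($Review -contains $name)
            }
        }
    }
}

# Flagged entries first, then the rest, so unknown entries are also visible.
Get-RunKeyEntry -KeyPath $runKeys -Review $reviewNames |
    Sort-Object -Property @{ Expression = 'Review'; Descending = $true }, Key, Name |
    Format-Table -Property Review, Name, Command, Key -AutoSize -Wrap
```

Entries with Review set to False still deserve a look against the Pacman list; an unfamiliar command path in a Run key is worth checking after a cleanup.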
