[OK] problème récurrent, Log Hijack, MERCI!

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[OK] problème récurrent, Log Hijack, MERCI!

Messagede ms3deb » 10 Juin 2009, 21:01

Bonsoir,

De retour sur le forum car un pc fait des caprices!
Plantage récurrent, ouvertures intempestives de pages net, blocage des désinstallations et installation programme...

Voici le 1er log: MERCI d'avance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:04, on 10/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\documents and settings\romain deloffre\local settings\application data\iycus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {BD22FA02-FFEB-45C4-2694-93DE2F8DC48F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [iycus] "c:\documents and settings\romain deloffre\local settings\application data\iycus.exe" iycus
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsybywuus.html

--
End of file - 9185 bytes
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Messagede nickW » 11 Juin 2009, 00:52

Bonsoir,

Il me semble t'avoir déjà écrit qu'avast! (en version gratuite) n'était pas un bon antivirus.

Il faut le remplacer par Avira AntiVir Personal, gratuit, en français, et bien plus performant.

http://www.free-av.com/fr/produits/index.html
Téléchargement: http://www.free-av.com/en/download/download_servers.php
Présentation sur libellules.ch : http://www.libellules.ch/tuto_antivir.php


Création de trois autres rapports:


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser.



Étape 1: OTL (de OldTimer), téléchargement
Télécharger OTL.exe depuis http://oldtimer.geekstogo.com/OTL.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: Navilog1 (de IL-MAFIOSO), Option 1
Note préliminaire importante
Navilog1 est détecté par certains antivirus comme étant un RiskTool (outil à risque).
Ceci est exact puisque certains de ses composants, s'ils étaient mis entre de mauvaises mains, pourraient effectuer des actions dangereuses.
Dans le cas de Navilog1, il faut les laisser s'exécuter, et, si nécessaire, désactiver temporairement les programmes de protection en temps réel (lors du téléchargement et de l'exécution de l'outil).
Par exemple, il est indispensable d'arrêter la protection en temps réel d'Avira Antivir.


Télécharger Navilog1 par un clic droit sur le lien ci-dessous:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Enregistrer le fichier sur le Bureau.
Fermer toutes les applications actives (comme traitement de texte, navigateur).
Faire un double clic sur Navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, l'outil s'exécutera automatiquement.
(Si ce n'est pas le cas, faire un double clic sur le raccourci Navilog1 présent sur le Bureau).

Suivre les indications affichées.
Sur le menu principal, choisir l'option 1 et valider.
(ne pas choisir les options 2,3 ou 4 sans mon avis/accord)

Attendre jusqu'au message :
*** Analyse Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sous le nom navi1.txt
Fermer le Bloc-notes.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)


Étape 3: OTL (de OldTimer), analyse
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Si ce n'est déjà fait, dans le paragraphe Extra Registry, cocher le bouton-radio Use SafeList:
Image

Cocher (en haut) la case située devant Scan All Users:
Image

Puis cliquer sur le bouton Run Scan:
Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTL.


Étape 4: Résultats
Envoyer en réponse:
*- le rapport de Navilog1, Option 1 (contenu du fichier navi1.txt)

Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTL (contenu des fichiers OTL.Txt et Extras.Txt situés sur le Bureau).
Les rapports envoyés sur le forum doivent se terminer par une ligne contenant <End>. Si ce n'est pas le cas, ils sont incomplets, et doivent alors être découpés en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Rapp Navilog!

Messagede ms3deb » 11 Juin 2009, 20:41

Bonsoir,
Effectivement j'ai suivi ton collègue pour Avira mais là en l'occurence je suis tombé sur un réfractaire (pas pour longtemps-)).
Dans tous les cas merci d'avance pour on aide,
@+

Search Navipromo version 3.7.7 commencé le 11/06/2009 à 21:15:27,25

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spéblurpte !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M CPU 430 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : ROMAIN DELOFFRE ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090130-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:74 Go (Free:21 Go)
D:\ (CD or DVD)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\Live-Player trouvé !
...\WebMediaPlayer trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ROMAIN DELOFFRE\applic~1" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ROMAIN DELOFFRE\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***


c:\docume~1\alluse~1\bureau\Live-Player.lnk trouvé !
C:\WINDOWS\prefetch\LIVE-PLAYER.EXE-21A6817A.pf trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iycus"="\"c:\\documents and settings\\romain deloffre\\local settings\\application data\\iycus.exe\" iycus"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\applic~1" :

iycus.exe trouvé !
iycus.dat trouvé !
iycus_nav.dat trouvé !
iycus_navps.dat trouvé !
skmvpsju.dat trouvé !
skmvpsju_nav.dat trouvé !
skmvpsju_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 11/06/2009 à 21:29:42,29 ***
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Rapport OT list!

Messagede ms3deb » 11 Juin 2009, 20:43

OTL logfile created on: 11/06/2009 21:31:35 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\ROMAIN DELOFFRE\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,04 Mb Total Physical Memory | 391,10 Mb Available Physical Memory | 43,75% Memory free
1,46 Gb Paging File | 0,92 Gb Available in Paging File | 63,26% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 21,56 Gb Free Space | 28,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WROMI
Current User Name: ROMAIN DELOFFRE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2005/09/26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2005/08/05 13:34:32 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/17 15:37:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2006/04/18 00:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/12/16 02:41:28 | 00,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2006/03/18 08:22:26 | 00,089,541 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/03/24 07:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2006/04/04 14:57:18 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2005/12/22 13:19:34 | 01,077,329 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2006/03/16 13:27:26 | 00,634,880 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/06/06 09:58:44 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/08/12 11:14:30 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/17 09:24:50 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
PRC - [2006/02/02 13:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/04/28 11:38:12 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2004/06/09 15:37:02 | 00,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
PRC - [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2005/04/11 16:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2009/06/02 23:35:56 | 00,299,008 | ---- | M] (biologie) -- C:\documents and settings\romain deloffre\local settings\application data\iycus.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/05/10 13:24:34 | 00,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
PRC - [2005/08/05 13:34:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/08/12 11:14:16 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2003/02/26 20:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/06/11 21:10:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/12/24 21:34:01 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2006/03/18 07:36:42 | 01,155,584 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2004/11/16 01:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2006/04/01 17:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/03/18 02:24:10 | 01,520,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/18 01:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/08/04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004/06/28 19:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006/03/02 18:49:50 | 00,015,360 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2006/04/18 15:12:00 | 00,098,816 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys -- (tdudf [Auto | Running])
DRV - [2006/01/05 16:31:20 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2006/04/25 09:01:48 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])
DRV - [2005/02/26 16:25:52 | 00,091,527 | ---- | M] (VM) -- C:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\S-1-5-21-3277060119-1734204101-523286688-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20090119W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA5&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/11/09 05:15:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/09 05:15:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008/11/09 05:15:13 | 00,000,000 | ---D | M]

[2009/06/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Extensions
[2009/06/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/03 19:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Firefox\Profiles\0xf1yc4j.default\extensions
[2009/06/03 19:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Firefox\Profiles\0xf1yc4j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/03 19:24:55 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\Mozilla\FireFox\Profiles\0xf1yc4j.default\searchplugins\livecom.xml
[2009/06/09 23:01:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/11/09 05:15:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/03 02:10:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\google-gzfb@partners.mozilla.com
[2008/07/03 04:56:53 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/03 04:56:53 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2006/06/04 20:56:02 | 00,001,055 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {BD22FA02-FFEB-45C4-2694-93DE2F8DC48F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam (BIGDOG)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Zooming] ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005..\Run: [iycus] "c:\documents and settings\romain deloffre\local settings\application data\iycus.exe" iycus (biologie)
O4 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk = C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - C:\Program Files\MSN Gaming Zone\profsybywuus.html
O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 13:03:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{10ff9af4-b078-11db-a820-0016e39af064}\Shell - "" = AutoRun
O33 - MountPoints2\{10ff9af4-b078-11db-a820-0016e39af064}\Shell\AutoRun\command - "" = E:\ReadMe.exe -- File not found
O33 - MountPoints2\{10ff9af5-b078-11db-a820-0016e39af064}\Shell - "" = AutoRun
O33 - MountPoints2\{3d1db790-3c20-11dc-a8c4-0016d48981f6}\Shell - "" = AutoRun
O33 - MountPoints2\{49708916-50f5-11dc-a8e5-0016d48981f6}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0cb110-5ad2-11dc-a8f4-0016d48981f6}\Shell - "" = AutoRun
O33 - MountPoints2\{7f35c00e-a036-11db-a804-0016e39af064}\Shell - "" = AutoRun
O33 - MountPoints2\{7f35c00e-a036-11db-a804-0016e39af064}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7f35c00f-a036-11db-a804-0016e39af064}\Shell\Auto\command - "" = F:\AdobeR.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 21:30:49 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/11 21:14:26 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/06/11 21:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/06/11 21:11:43 | 00,577,997 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\Navilog1.exe
[2009/06/11 21:10:54 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe
[2009/06/10 21:54:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\HijackThis.lnk
[2009/06/10 21:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/10 21:54:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\hijackthis_hijackthis_2.02_anglais_17891.exe
[2009/06/09 22:56:45 | 00,893,464 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\cc_20090609_225637.reg
[2009/06/09 22:23:39 | 03,247,736 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\ccsetup220.exe
[2009/06/09 22:21:10 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\mbam-setup.exe
[2009/06/07 17:48:54 | 00,008,001 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mon thème favori.theme
[2009/06/07 12:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\live-player
[2009/06/07 11:51:35 | 00,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Live-Player.lnk
[2009/06/07 11:51:34 | 00,000,000 | ---D | C] -- C:\Program Files\Live-Player
[2009/06/06 12:56:50 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2009/03/29 23:27:54 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/06/23 21:42:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2008/02/08 01:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2008/02/07 01:57:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2007/12/09 15:23:44 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/09 00:24:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/12 18:30:26 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 18:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/26 11:40:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/26 07:28:24 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/26 07:01:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/09/26 07:01:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/26 07:01:36 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/26 07:01:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/26 07:01:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/26 07:01:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/26 07:01:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/26 06:51:11 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/09/26 06:51:11 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/09/26 06:33:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/09/25 14:42:59 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/09/25 14:42:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/09/25 14:42:59 | 00,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/09/25 14:42:59 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/09/25 14:19:16 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/25 12:41:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/09/25 12:41:42 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/25 12:41:06 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/09/25 12:41:04 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/01/05 18:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 17:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006/01/04 10:59:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/09 14:36:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 13:55:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/08/05 15:38:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/28 03:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 03:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2003/04/01 11:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/11 21:14:26 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/06/11 21:11:49 | 00,577,997 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\Navilog1.exe
[2009/06/11 21:10:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe
[2009/06/11 21:07:01 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/11 21:06:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/11 21:05:57 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\desktop.ini
[2009/06/11 21:05:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 21:05:49 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/10 21:54:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\HijackThis.lnk
[2009/06/10 21:54:07 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\hijackthis_hijackthis_2.02_anglais_17891.exe
[2009/06/09 22:56:53 | 00,893,464 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\cc_20090609_225637.reg
[2009/06/09 22:35:59 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\CCleaner.lnk
[2009/06/09 22:23:39 | 03,247,736 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\ccsetup220.exe
[2009/06/09 22:21:10 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\mbam-setup.exe
[2009/06/07 17:48:55 | 00,008,001 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mon thème favori.theme
[2009/06/07 12:04:30 | 00,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Live-Player.lnk
[2009/06/06 12:56:50 | 00,110,592 | ---- | M] () -- C:\WINDOWS\System32\net.net
[2009/06/05 14:27:38 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mes dossiers de partage.lnk
[2009/05/26 21:48:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/26 21:48:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/05/26 21:29:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/05/26 21:29:19 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/05/25 22:42:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/05/25 22:42:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/05/25 11:53:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/25 11:53:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
<End>
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Rapport OT extras!

Messagede ms3deb » 11 Juin 2009, 20:44

OTL Extras logfile created on: 11/06/2009 21:31:35 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\ROMAIN DELOFFRE\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,04 Mb Total Physical Memory | 391,10 Mb Available Physical Memory | 43,75% Memory free
1,46 Gb Paging File | 0,92 Gb Available in Paging File | 63,26% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 21,56 Gb Free Space | 28,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WROMI
Current User Name: ROMAIN DELOFFRE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{38D95956-E92C-4473-904B-CD877EA04410}" = Philips SPC210NC Webcam
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9026040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A4040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner (remove only)
"DivX Content Uploader" = DivX Content Uploader
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = Utilitaire Hotkey TOSHIBA
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Utilitaire TouchPad ON/OFF
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Navilog1_is1" = Navilog1 3.7.7
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA
"Power Saver" = Gestion d'énergie TOSHIBA
"SystemRequirementsLab" = System Requirements Lab
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 09/06/2009 16:28:04 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: chestAddFileLoc Error 112.

Error - 09/06/2009 16:28:04 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: AddSystemFiles Error 112.

Error - 09/06/2009 17:05:18 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: chestAddFileLoc Error 112.

Error - 09/06/2009 17:05:18 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: AddSystemFiles Error 112.

Error - 10/06/2009 14:28:07 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: chestAddFileLoc Error 112.

Error - 10/06/2009 14:28:07 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: AddSystemFiles Error 112.

Error - 11/06/2009 15:01:02 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: chestAddFileLoc Error 112.

Error - 11/06/2009 15:01:02 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: AddSystemFiles Error 112.

Error - 11/06/2009 15:06:11 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: chestAddFileLoc Error 112.

Error - 11/06/2009 15:06:11 | Computer Name = WROMI | Source = avast! | ID = 33554522
Description = Error in aswChestS: AddSystemFiles Error 112.

[ Application Events ]
Error - 09/06/2009 16:29:18 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 09/06/2009 16:30:29 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 09/06/2009 17:05:21 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 09/06/2009 17:06:03 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 10/06/2009 14:28:10 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 10/06/2009 14:28:42 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 11/06/2009 15:01:05 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 11/06/2009 15:01:38 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 11/06/2009 15:06:14 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

Error - 11/06/2009 15:07:01 | Computer Name = WROMI | Source = .NET Runtime | ID = 0
Description =

[ System Events ]
Error - 09/06/2009 16:30:26 | Computer Name = WROMI | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Roxio Hard Drive Watcher 9.

Error - 09/06/2009 16:30:59 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 09/06/2009 17:05:52 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 09/06/2009 17:06:33 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 10/06/2009 14:28:41 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 10/06/2009 14:29:12 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 11/06/2009 15:01:36 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 11/06/2009 15:02:08 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 11/06/2009 15:06:44 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 11/06/2009 15:07:32 | Computer Name = WROMI | Source = DCOM | ID = 10010
Description = Le serveur {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Messagede nickW » 12 Juin 2009, 00:38

Bonsoir,

Premiers nettoyages:


Étape 1: OTL (de OldTimer), nettoyage
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK
Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien
:Processes
explorer.exe

:otl
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {BD22FA02-FFEB-45C4-2694-93DE2F8DC48F} - Reg Error: Key error. File not found
O33 - MountPoints2\{10ff9af4-b078-11db-a820-0016e39af064}\Shell - "" = AutoRun
O33 - MountPoints2\{10ff9af4-b078-11db-a820-0016e39af064}\Shell\AutoRun\command - "" = E:\ReadMe.exe -- File not found
O33 - MountPoints2\{10ff9af5-b078-11db-a820-0016e39af064}\Shell - "" = AutoRun
O33 - MountPoints2\{3d1db790-3c20-11dc-a8c4-0016d48981f6}\Shell - "" = AutoRun
O33 - MountPoints2\{49708916-50f5-11dc-a8e5-0016d48981f6}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0cb110-5ad2-11dc-a8f4-0016d48981f6}\Shell - "" = AutoRun
O33 - MountPoints2\{7f35c00e-a036-11db-a804-0016e39af064}\Shell - "" = AutoRun
O33 - MountPoints2\{7f35c00f-a036-11db-a804-0016e39af064}\Shell\Auto\command - "" = F:\AdobeR.exe -- File not found

:Commands
[start explorer]
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom OTL-1.txt
Fermer le Bloc-notes.
Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: ms3deb.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image avast!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Arrêter la protection résidente"


Étape 3: Navilog1 (de IL-MAFIOSO), Option 2
Fermer toutes les applications actives (comme traitement de texte, navigateur).
Lancer l'outil par un double clic sur le raccourci Navilog1 présent sur le Bureau.
Suivre les indications, puis sur le Menu principal choisir l'option 2 et valider.
L'outil va annoncer qu'il va effectuer un redémarrage du PC: Enregistrer tous les documents personnels ouverts et fermer toutes les fenêtres affichées (mise à part celle de Navilog1).
Appuyer sur une touche comme demandé.
Si le PC ne redémarre pas automatiquement, lancer manuellement le redémarrage.
Lors du redémarrage, choisir la session habituelle.

Attendre jusqu'au message :
*** Nettoyage Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sous le nom navi2.txt
Fermer le Bloc-notes, ce qui va permettre le réaffichage du Bureau.
Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.

Rechercher des certificats malveillants:
Démarrer---->Paramètres---->Panneau de configuration---->Options Internet
Onglet Contenu
Dans le paragraphe Certificats, cliquer sur le bouton Certificats...
Si dans les onglets "Personnel" et "Éditeurs approuvés" se trouvent
electronic-group ou egroup ou Montorgueil ou VIP ou Sunny Day Design Ltd ou OOO <<Favorit>>
il faut supprimer ces éléments.


Étape 4: OTL (de OldTimer), nettoyage
Faire un double clic sur OTL.exe pour lancer l'outil.
Ouvrir le fichier OTL-1.txt dans le Bloc-notes.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Sélectionner tout.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Copier.

Retourner dans la fenêtre de OTL, faire un clic droit dans la fenêtre située en bas nommée "Custom Scans/Fixes" Image et choisir Coller.

Cliquer sur le bouton Run Fix: Image

Note: Un redémarrage est parfois nécessaire. S'il est demandé, cliquer sur Oui/Yes

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Fix Complete! Click OK to open the fix log". Cliquer sur OK puis fermer OTL.


Étape 5: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 6: OTL (de OldTimer), analyse
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cocher (en haut) la case située devant Scan All Users: Image

Puis cliquer sur le bouton Run Scan: Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 7: Résultats
Envoyer en réponse:
*- le rapport de Navilog1, Option 2 (contenu du fichier navi2.txt)
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du log):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Rapport OT List 2

Messagede ms3deb » 12 Juin 2009, 23:16

Bonsoir,

J'ai eu un ou deux bugs espérons que ça passe:
Merci d'avance, bonne soirée,


OTL logfile created on: 13/06/2009 00:11:51 - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\ROMAIN DELOFFRE\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

894,04 Mb Total Physical Memory | 355,75 Mb Available Physical Memory | 39,79% Memory free
1,46 Gb Paging File | 0,90 Gb Available in Paging File | 61,35% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 21,44 Gb Free Space | 28,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WROMI
Current User Name: ROMAIN DELOFFRE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2005/09/26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2005/08/05 13:34:32 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/17 15:37:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2006/04/18 00:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/12/16 02:41:28 | 00,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2006/03/18 08:22:26 | 00,089,541 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/03/24 07:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2005/08/05 13:34:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/04/04 14:57:18 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2005/12/22 13:19:34 | 01,077,329 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2006/03/16 13:27:26 | 00,634,880 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/06/06 09:58:44 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/08/12 11:14:30 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/17 09:24:50 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
PRC - [2006/02/02 13:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/04/28 11:38:12 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2003/02/26 20:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2004/06/09 15:37:02 | 00,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
PRC - [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2005/08/12 11:14:16 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/11 16:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/05/10 13:24:34 | 00,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/06/11 21:10:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/12/24 21:34:01 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2006/03/18 07:36:42 | 01,155,584 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2004/11/16 01:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2006/04/01 17:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/03/18 02:24:10 | 01,520,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/18 01:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/08/04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004/06/28 19:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006/03/02 18:49:50 | 00,015,360 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2006/04/18 15:12:00 | 00,098,816 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys -- (tdudf [Auto | Running])
DRV - [2006/01/05 16:31:20 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2006/04/25 09:01:48 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])
DRV - [2005/02/26 16:25:52 | 00,091,527 | ---- | M] (VM) -- C:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\S-1-5-21-3277060119-1734204101-523286688-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20090119W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA5&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/11/09 05:15:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/09 05:15:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008/11/09 05:15:13 | 00,000,000 | ---D | M]

[2009/06/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Extensions
[2009/06/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/03 19:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Firefox\Profiles\0xf1yc4j.default\extensions
[2009/06/03 19:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Firefox\Profiles\0xf1yc4j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/03 19:24:55 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\Mozilla\FireFox\Profiles\0xf1yc4j.default\searchplugins\livecom.xml
[2009/06/09 23:01:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/11/09 05:15:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/03 02:10:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\google-gzfb@partners.mozilla.com
[2008/07/03 04:56:53 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/03 04:56:53 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2006/06/04 20:56:02 | 00,001,055 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam (BIGDOG)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Zooming] ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk = C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - C:\Program Files\MSN Gaming Zone\profsybywuus.html
O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 13:03:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/13 00:02:26 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/13 00:06:46 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/11 21:14:26 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/06/11 21:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/06/11 21:11:43 | 00,577,997 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\Navilog1.exe
[2009/06/11 21:10:54 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe
[2009/06/10 21:54:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\HijackThis.lnk
[2009/06/10 21:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/10 21:54:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\hijackthis_hijackthis_2.02_anglais_17891.exe
[2009/06/09 22:56:45 | 00,893,464 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\cc_20090609_225637.reg
[2009/06/09 22:23:39 | 03,247,736 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\ccsetup220.exe
[2009/06/09 22:21:10 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\mbam-setup.exe
[2009/06/07 17:48:54 | 00,008,001 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mon thème favori.theme
[2009/06/06 12:56:50 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2009/03/29 23:27:54 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/06/23 21:42:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2008/02/08 01:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2008/02/07 01:57:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2007/12/09 15:23:44 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/09 00:24:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/12 18:30:26 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 18:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/26 11:40:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/26 07:28:24 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/26 07:01:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/09/26 07:01:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/26 07:01:36 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/26 07:01:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/26 07:01:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/26 07:01:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/26 07:01:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/26 06:51:11 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/09/26 06:51:11 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/09/26 06:33:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/09/25 14:42:59 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/09/25 14:42:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/09/25 14:42:59 | 00,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/09/25 14:42:59 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/09/25 14:19:16 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/25 12:41:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/09/25 12:41:42 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/25 12:41:06 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/09/25 12:41:04 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/01/05 18:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 17:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006/01/04 10:59:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/09 14:36:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 13:55:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/08/05 15:38:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/28 03:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 03:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2003/04/01 11:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/13 00:09:02 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/13 00:08:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/13 00:08:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\desktop.ini
[2009/06/13 00:08:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/13 00:08:22 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/11 21:14:26 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2009/06/11 21:11:49 | 00,577,997 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\Navilog1.exe
[2009/06/11 21:10:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe
[2009/06/10 21:54:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\HijackThis.lnk
[2009/06/10 21:54:07 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\hijackthis_hijackthis_2.02_anglais_17891.exe
[2009/06/09 22:56:53 | 00,893,464 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\cc_20090609_225637.reg
[2009/06/09 22:35:59 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\CCleaner.lnk
[2009/06/09 22:23:39 | 03,247,736 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\ccsetup220.exe
[2009/06/09 22:21:10 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\mbam-setup.exe
[2009/06/07 17:48:55 | 00,008,001 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mon thème favori.theme
[2009/06/06 12:56:50 | 00,110,592 | ---- | M] () -- C:\WINDOWS\System32\net.net
[2009/06/05 14:27:38 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mes dossiers de partage.lnk
[2009/05/26 21:48:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/26 21:48:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/05/26 21:29:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/05/26 21:29:19 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/05/25 22:42:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/05/25 22:42:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/05/25 11:53:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/25 11:53:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
<End>
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Rapport Navi 2!

Messagede ms3deb » 12 Juin 2009, 23:17

Clean Navipromo version 3.7.7 commencé le 12/06/2009 à 23:56:52,57

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M CPU 430 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : ROMAIN DELOFFRE ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090130-0] 4.8.1296 (Not Activated)


C:\ (Local Disk) - NTFS - Total:74 Go (Free:21 Go)
D:\ (CD or DVD)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ROMAIN DELOFFRE\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ROMAIN DELOFFRE\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\iycus*.pf trouvé !
Copie C:\WINDOWS\prefetch\iycus*.pf réalisée avec succès !
C:\WINDOWS\prefetch\iycus*.pf supprimé !


* Dans "C:\Documents and Settings\ROMAIN DELOFFRE\locals~1\applic~1" *


iycus.exe trouvé !
Copie iycus.exe réalisée avec succès !
iycus.exe supprimé !

iycus.dat trouvé !
Copie iycus.dat réalisée avec succès !
iycus.dat supprimé !

iycus_nav.dat trouvé !
Copie iycus_nav.dat réalisée avec succès !
iycus_nav.dat supprimé !

iycus_navps.dat trouvé !
Copie iycus_navps.dat réalisée avec succès !
iycus_navps.dat supprimé !

skmvpsju.dat trouvé !
Copie skmvpsju.dat réalisée avec succès !
skmvpsju.dat supprimé !

skmvpsju_nav.dat trouvé !
Copie skmvpsju_nav.dat réalisée avec succès !
skmvpsju_nav.dat supprimé !

skmvpsju_navps.dat trouvé !
Copie skmvpsju_navps.dat réalisée avec succès !
skmvpsju_navps.dat supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 13/06/2009 à 0:01:52,37 ***
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Messagede nickW » 13 Juin 2009, 00:29

Bonsoir,

Il manque un des rapports:

nickW, hier, a écrit:Étape 7: Résultats
Envoyer en réponse:
...
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]




Peux-tu également me dire comment se comporte le PC?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Rapp OTlist MAJ!

Messagede ms3deb » 13 Juin 2009, 07:15

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD22FA02-FFEB-45C4-2694-93DE2F8DC48F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD22FA02-FFEB-45C4-2694-93DE2F8DC48F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ff9af4-b078-11db-a820-0016e39af064}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ff9af4-b078-11db-a820-0016e39af064}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ff9af4-b078-11db-a820-0016e39af064}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ff9af4-b078-11db-a820-0016e39af064}\ not found.
File E:\ReadMe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ff9af5-b078-11db-a820-0016e39af064}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ff9af5-b078-11db-a820-0016e39af064}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d1db790-3c20-11dc-a8c4-0016d48981f6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d1db790-3c20-11dc-a8c4-0016d48981f6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49708916-50f5-11dc-a8e5-0016d48981f6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49708916-50f5-11dc-a8e5-0016d48981f6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0cb110-5ad2-11dc-a8f4-0016d48981f6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0cb110-5ad2-11dc-a8f4-0016d48981f6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f35c00e-a036-11db-a804-0016e39af064}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f35c00e-a036-11db-a804-0016e39af064}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f35c00f-a036-11db-a804-0016e39af064}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f35c00f-a036-11db-a804-0016e39af064}\ not found.
File F:\AdobeR.exe not found.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 06132009_000646

Files moved on Reboot...
C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Temp\hpodvd09.log moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat not found!

Registry entries deleted on Reboot...
Avatar de l’utilisateur
ms3deb
 
Messages: 77
Inscription: 30 Avr 2007, 21:09

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 45 invités