Very slow connection

Message by mogan85 » 15 Jul 2009, 20:09

Good evening. Here is the complete RootRepeal report:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/15 21:04
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xACEBD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA606000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP1606
Image Path: \Driver\PCI_PNP1606
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9EC5000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spao.sys
Image Path: spao.sys
Address: 0xB9EA7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spao.sys" at address 0xb9ea80e0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba75a6e4

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spao.sys" at address 0xb9ec6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spao.sys" at address 0xb9ec7030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spao.sys" at address 0xb9ea80c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba75a6d0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba75a6d5

#: 160 Function Name: NtQueryKey
Status: Hooked by "spao.sys" at address 0xb9ec7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spao.sys" at address 0xb9ec6f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spao.sys" at address 0xb9ec719a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xba75a6df

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xba75a6da

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89bce1f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_CREATE]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_CLOSE]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_POWER]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: abarhjidȅఐ卆浩 , IRP_MJ_PNP]
Process: System Address: 0x898921f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8996c1f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x89b641f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x899791f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x899851f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89bd01f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x887a81f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89b651f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_CREATE]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_CLOSE]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_POWER]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: nvgts, IRP_MJ_PNP]
Process: System Address: 0x89bcf1f8 Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x887de1f8 Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x887de1f8 Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x887de1f8 Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x887de1f8 Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x887de1f8 Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x887de1f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x887c11f8 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_CREATE]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_CLOSE]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_READ]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_CLEANUP]
Process: System Address: 0x89758500 Address: 121

Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_PNP]
Process: System Address: 0x89758500 Address: 121

==EOF==


Thanks for your help!
mogan85

Posts: 28
Joined: 11 Dec 2008, 21:34

Post by nickW » 17 Jul 2009, 00:35

Good evening,

How is your PC connected to the FreeBox?
(cable, Wi-Fi, ...)

Can you do the following:

Step 1: CurrPorts (from NirSoft), installation
Download CurrPorts from the page: http://www.nirsoft.net/utils/cports.html

See at the bottom of the page: Download CurrPorts
and also download the French language file by clicking on the "French" link (most recent file).

Create a new folder named Nirsoft and unzip the two downloaded archives into it (right-click, then "Extraire tout", i.e. Extract All).


If possible, carry out the step below while the connection is slowed down:

Step 2: CurrPorts (from NirSoft)
Close all browser windows (Internet Explorer, Firefox, ...).

Launch CurrPorts by double-clicking cports.exe (in the Nirsoft folder).

Click on the "Edition" (Edit) menu (at the top), then choose "Sélectionner tout" (Select All).

Click on the "Fichier" (File) menu (at the top), then choose "Enregistrer les éléments sélectionnés" (Save Selected Items).
Save the file in the Nirsoft folder, naming it currports-log-090716.txt.
Close CurrPorts.


Step 3: Result
Send:
*- the CurrPorts report (contents of the file currports-log-090716.txt)
Since this log contains IP addresses, you must send it to me by PM (Private Message).

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by mogan85 » 20 Jul 2009, 19:36

I have sent the reports you asked me for. Thank you.
mogan85

Posts: 28
Joined: 11 Dec 2008, 21:34

Post by nickW » 21 Jul 2009, 00:29

Good evening,


The log does not show any parasitic connection.


Checking the active services:


Step 1: ServiWin (from NirSoft), installation
Download ServiWin from the page: http://www.nirsoft.net/utils/serviwin.html
See at the bottom of the page: Download ServiWin (in Zip file)
and also download the French language file by clicking on the "French" link.

Create a new folder named Nirsoft and unzip the two downloaded archives into it (right-click, then "Extraire tout", i.e. Extract All).


Step 2: ServiWin (from NirSoft)
Open the Nirsoft folder, then launch ServiWin by double-clicking serviwin.exe
  • In the "Affichage" (View) menu (at the top), choose "Choisir/Sélectionner les colonnes" (Choose/Select columns)
    In the new "Paramètres des colonnes" (Column settings) screen, untick the boxes in front of
    Contrôle d'erreur/ErrorControl
    grouper
    Fichier Description
    Nom du produit
    Description
  • In the "Actions" menu (at the top), choose "Sélectionner tout" (Select All)
  • In the "Fichier" (File) menu (at the top), choose "Sauvegarder/Enregistrer les éléments sélectionnés" (Save selected items), and save the file under the name serviwin-log-090720.txt

Close ServiWin


Step 3: Result
As the log is very long, it is impossible to post it on the forum. It has to be uploaded to an external server so that I can retrieve it.
Method:
*- put the file serviwin-log-090720.txt in an archive file named mogan85-serviwin.zip
*- Go to: http://senduit.com/
*- In the File: field, click the "Parcourir..." (Browse...) button and navigate to the file mogan85-serviwin.zip - double-click this file
*- In the Expire in: field, in the drop-down list, choose 5 days
*- Click the Upload button
*- After the file has been transferred, a new page will be displayed in which you will find a link (under "This is your download URL. It expires in 5 Days.")
Send this link in reply.


Then create two new scan reports:

Step 4: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

If it is not already done, in the Extra Registry section, select the Use SafeList radio button.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTL window.


Step 5: Results
Send in reply, in two separate messages (because of the length of the logs):
*- the two OTL reports (contents of the files OTL.Txt and Extras.Txt located on the Desktop).
Reports posted on the forum must end with a line containing <End>. If this is not the case, they are incomplete and must then be split across several messages.

To be continued,
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by mogan85 » 21 Jul 2009, 17:57

Good evening, here is the link you asked me for: http://senduit.com/2eac9c
mogan85

Posts: 28
Joined: 11 Dec 2008, 21:34

Post by mogan85 » 21 Jul 2009, 18:04

Here is the OTL.txt report:

OTL logfile created on: 21/07/2009 18:59:53 - Run 3
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\komtok\Mes documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,11% Memory free
3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,04 Gb Total Space | 1,24 Gb Free Space | 11,26% Space Free | Partition Type: NTFS
Drive D: | 63,48 Gb Total Space | 48,42 Gb Free Space | 76,27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 883,67 Gb Free Space | 94,86% Space Free | Partition Type: NTFS

Computer Name: MORGAN
Current User Name: komtok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/29 04:09:10 | 00,585,728 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/10/29 04:09:10 | 00,585,728 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/07/16 23:36:56 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/16 23:36:56 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/09/06 00:30:04 | 00,952,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
PRC - [2007/06/13 15:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/02 11:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/11/14 19:43:03 | 00,020,480 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2002/09/20 16:16:30 | 00,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
PRC - [2003/12/13 02:50:34 | 00,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/06/10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/09/02 11:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2003/08/06 13:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2004/08/04 00:54:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/11 17:07:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\komtok\Mes documents\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/16 23:36:56 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/16 23:36:56 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/10/29 04:09:10 | 00,585,728 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/10/28 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/04 00:54:36 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/10/29 05:10:58 | 03,341,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/11/15 01:43:29 | 00,278,728 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2005/02/23 08:47:50 | 00,584,512 | ---- | M] (VIA - IC Ensemble, Inc.) -- C:\WINDOWS\System32\drivers\Envy24HF.sys -- (Envy24HFS [On_Demand | Running])
DRV - [2008/11/15 01:43:29 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/08/01 12:36:00 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/08/18 19:54:00 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008/08/01 12:36:00 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2002/06/10 15:16:34 | 00,371,766 | ---- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\CamDrL21.sys -- (PhilCam8116 [On_Demand | Running])
DRV - [2001/08/28 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/09/19 23:57:32 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/04/03 00:00:32 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/07/16 23:36:56 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009/06/04 19:54:54 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-583907252-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-583907252-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKU\S-1-5-21-583907252-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-583907252-1303643608-725345543-1003\S-1-5-21-583907252-1303643608-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (317681 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10896 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-583907252-1303643608-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-1303643608-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe (VIA Technologies, Inc)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-583907252-1303643608-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-583907252-1303643608-725345543-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1303643608-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-583907252-1303643608-725345543-1003\..Trusted Domains: secuser.com ([www] http in Sites de confiance)
O15 - HKU\S-1-5-21-583907252-1303643608-725345543-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/14 02:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/21 18:52:25 | 00,005,374 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\mogan85-serviwin.zip.zip
[2009/07/21 17:16:49 | 00,001,454 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\serviwin_french.zip
[2009/07/21 17:16:34 | 00,039,822 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\serviwin.zip
[2009/07/20 23:46:23 | 00,020,291 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Nouveau Texte OpenDocument.odt
[2009/07/20 18:11:35 | 00,105,984 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\CV morgan Vasner.doc
[2009/07/20 17:09:17 | 00,330,488 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\hfr2wlm.zip
[2009/07/19 12:46:38 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Raccourci vers Rmvtrjan.lnk
[2009/07/19 12:10:27 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/07/19 12:10:27 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/07/19 12:10:27 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/07/19 12:10:27 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/07/19 12:10:27 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/07/19 12:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/07/19 12:10:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\komtok\Mes documents\Simply Super Software
[2009/07/19 12:10:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\komtok\Application Data\Simply Super Software
[2009/07/17 15:44:49 | 00,000,000 | ---D | C] -- C:\Nirsoft
[2009/07/17 15:44:24 | 00,002,128 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\cports_french2.zip
[2009/07/17 15:44:04 | 00,058,632 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\cports.zip
[2009/07/16 22:48:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/07/16 22:48:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/07/16 22:48:23 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/07/16 22:48:23 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/07/16 12:45:02 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009/07/16 12:44:53 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/07/16 12:44:53 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/16 12:44:53 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/07/16 12:44:52 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/07/16 12:44:52 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/16 12:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/16 12:44:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/07/16 09:16:28 | 30,143,928 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\avira_antivir_personal_free.exe
[2009/07/15 21:02:56 | 00,000,000 | ---D | C] -- C:\Rootrepeal
[2009/07/15 08:46:08 | 00,462,508 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\RootRepeal.zip
[2009/07/13 15:55:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/07/13 13:25:54 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\komtok\Mes documents\TFC.exe
[2009/07/11 17:07:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\komtok\Mes documents\OTL.exe
[2009/07/09 16:04:07 | 00,055,492 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Image 20.jpg
[2009/07/09 16:03:53 | 00,053,851 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Image 19.jpg
[2009/07/09 16:03:09 | 00,042,357 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Image 16.jpg
[2009/07/09 16:03:03 | 00,042,508 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Image 15.jpg
[2009/07/09 16:02:35 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Image 14.jpg
[2009/07/08 18:20:02 | 00,302,080 | ---- | C] () -- C:\Documents and Settings\komtok\Mes documents\dossier de candidature auxiliaire de vacances.doc
[2009/07/07 14:53:53 | 00,013,758 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Lettre de motivation Courtepaille.odt
[2009/07/06 23:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/06 23:21:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/07/06 22:37:32 | 00,002,864 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/06 22:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\komtok\Mes documents\SmitfraudFix
[2009/07/06 20:53:05 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\komtok\Bureau\Spybot - Search & Destroy.lnk
[2009/07/06 20:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/06 20:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/06 20:19:59 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\komtok\Mes documents\spybotsd162.exe
[2009/07/06 19:52:06 | 08,416,384 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\komtok\Mes documents\trjsetup679.exe
[2009/04/03 00:00:32 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/27 19:59:57 | 00,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/21 20:41:52 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/21 20:41:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/21 20:41:50 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/21 20:41:50 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/15 01:43:29 | 00,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/15 01:43:29 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/14 23:28:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/14 19:48:49 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/11/14 19:44:54 | 00,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/11/14 19:43:48 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2008/11/14 19:43:48 | 00,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/14 01:39:31 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2008/03/28 18:41:32 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/07/10 17:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/11/16 10:29:28 | 00,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2004/11/16 10:29:28 | 00,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 23:46:03 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/12/14 23:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 23:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/04 08:01:42 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/08/28 14:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/28 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/07/21 18:57:52 | 00,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/07/21 18:53:02 | 00,005,374 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\mogan85-serviwin.zip.zip
[2009/07/21 18:43:08 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\komtok\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 17:16:49 | 00,001,454 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\serviwin_french.zip
[2009/07/21 17:16:35 | 00,039,822 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\serviwin.zip
[2009/07/21 16:49:54 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/07/21 16:49:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/21 16:48:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/21 16:48:37 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/07/21 16:48:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/21 00:01:21 | 05,904,140 | -H-- | M] () -- C:\Documents and Settings\komtok\Local Settings\Application Data\IconCache.db
[2009/07/20 23:47:05 | 00,020,291 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Nouveau Texte OpenDocument.odt
[2009/07/20 18:24:49 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Lettre de motive Thales.doc
[2009/07/20 18:11:56 | 00,105,984 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\CV morgan Vasner.doc
[2009/07/20 17:09:24 | 00,330,488 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\hfr2wlm.zip
[2009/07/19 23:07:24 | 00,317,681 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/19 12:46:38 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Raccourci vers Rmvtrjan.lnk
[2009/07/17 15:44:24 | 00,002,128 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\cports_french2.zip
[2009/07/17 15:44:06 | 00,058,632 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\cports.zip
[2009/07/16 23:36:56 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/16 12:45:02 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009/07/16 09:16:29 | 30,143,928 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\avira_antivir_personal_free.exe
[2009/07/16 08:05:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 08:46:08 | 00,462,508 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\RootRepeal.zip
[2009/07/13 20:50:03 | 00,991,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/13 20:50:03 | 00,458,648 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/07/13 20:50:03 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/13 20:50:03 | 00,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/07/13 20:50:03 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 13:26:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\komtok\Mes documents\TFC.exe
[2009/07/11 17:07:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\komtok\Mes documents\OTL.exe
[2009/07/09 16:04:07 | 00,055,492 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Image 20.jpg
[2009/07/09 16:03:53 | 00,053,851 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Image 19.jpg
[2009/07/09 16:03:09 | 00,042,357 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Image 16.jpg
[2009/07/09 16:03:03 | 00,042,508 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Image 15.jpg
[2009/07/09 16:02:35 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Image 14.jpg
[2009/07/08 18:20:04 | 00,302,080 | ---- | M] () -- C:\Documents and Settings\komtok\Mes documents\dossier de candidature auxiliaire de vacances.doc
[2009/07/07 17:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/07 15:46:18 | 00,013,758 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Lettre de motivation Courtepaille.odt
[2009/07/06 23:20:57 | 08,416,384 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\komtok\Mes documents\trjsetup679.exe
[2009/07/06 22:37:32 | 00,002,864 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/06 22:19:23 | 00,316,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/07/06 22:19:23 | 00,316,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090719-230724.backup
[2009/07/06 20:53:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\komtok\Bureau\Spybot - Search & Destroy.lnk
[2009/07/06 20:20:00 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\komtok\Mes documents\spybotsd162.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\komtok\Mes documents\HiJackThis.zip: SummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
<End>
mogan85
 
Posts: 28
Joined: 11 Dec 2008, 21:34

Post by mogan85 » 21 Jul 2009, 18:06

And here is the Extras log:

OTL Extras logfile created on: 21/07/2009 18:59:53 - Run 3
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\komtok\Mes documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,11% Memory free
3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,04 Gb Total Space | 1,24 Gb Free Space | 11,26% Space Free | Partition Type: NTFS
Drive D: | 63,48 Gb Total Space | 48,42 Gb Free Space | 76,27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 883,67 Gb Free Space | 94,86% Space Free | Partition Type: NTFS

Computer Name: MORGAN
Current User Name: komtok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/08/16 00:35:05 | 03,151,360 | ---- | M] (THQ Canada Inc.) -- D:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k
[2006/08/15 23:36:10 | 03,153,408 | ---- | M] (THQ Canada Inc.) -- D:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA
[2006/09/17 05:15:16 | 03,110,488 | ---- | M] (THQ Canada Inc.) -- D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Home Server\Discovery.exe:*:Enabled:Connecteur Windows Home Server
File not found -- E:\WHSRECOVERY.EXE:*:Enabled:WHS Recovery


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5B3C1B7-37C2-47B0-B6DD-EC53D3FB3B01}" = HP MediaSmart Server
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Dawn of War - Soulstorm_is1" = Dawn of War - Soulstorm
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Envy24HF Setup Program" = UnInstall Envy24 Family Audio Device Driver
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5550 series" = hp deskjet 5550 series (Supprimer uniquement)
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"hp print screen utility" = hp print screen utility
"KC Softwares AVIToolbox_is1" = KC Softwares AVIToolbox
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Full)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer 7 Basic
"SLD CODEC PACK 1.5" = SLD CODEC PACK 1.5
"Trojan Remover_is1" = Trojan Remover 6.7.9
"VLC media player" = VideoLAN VLC media player 0.8.0
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/02/2009 12:30:37 | Computer Name = MORGAN | Source = Avira AntiVir | ID = 4110
Description = Une erreur inconnue est survenue pendant l'initialisation du moteur
de recherche ! Code d'erreur : 53

Error - 26/02/2009 12:31:58 | Computer Name = MORGAN | Source = Avira AntiVir | ID = 4110
Description = Une erreur inconnue est survenue pendant l'initialisation du moteur
de recherche ! Code d'erreur : 53

Error - 27/02/2009 03:29:13 | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 28/02/2009 14:18:05 | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/03/2009 04:59:39 | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 9.0.0.3250, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 03/03/2009 17:13:40 | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 06/03/2009 04:42:52 | Computer Name = MORGAN | Source = MsiInstaller | ID = 11316
Description = Produit : Assistant de connexion Windows Live -- Erreur 1316. Erreur
au niveau du réseau lors de la tentative de lecture du fichier C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 07/03/2009 06:38:50 | Computer Name = MORGAN | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Mail -- Windows Installer a rencontré une erreur
inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème
lié au package. Le code d'erreur est 2762. Les arguments sont : , ,

Error - 08/03/2009 10:14:23 | Computer Name = MORGAN | Source = Windows Live Messenger | ID = 1000
Description =

Error - 10/03/2009 03:26:58 | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 20/07/2009 03:28:18 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 20/07/2009 03:28:20 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 02:03:52 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 02:04:23 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 06:22:51 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 06:22:55 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 06:23:07 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 10:50:05 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 10:50:26 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.

Error - 21/07/2009 10:50:28 | Computer Name = MORGAN | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.


<End>


Thanks for your help.
mogan85
 
Posts: 28
Joined: 11 Dec 2008, 21:34

Post by mogan85 » 29 Jul 2009, 23:21

Good evening, I'm bumping my thread.

Post by mogan85 » 03 Aug 2009, 18:17

Good evening. While bumping my thread, I'd like to add that my antivirus, AntiVir Personal Free Edition, can no longer update, either manually or automatically. I still have the same problem. Can someone help me, please? Thank you.

Post by nickW » 04 Aug 2009, 00:20

Good evening,

When did these slowdowns start?

On 6 July, you installed Trojan Remover and Spybot-S&D.
What did they detect during the first scans?
Was it the slow connection that prompted you to install this new software?

Do you use eMule?

Have you tried resetting the Box?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
