Log analysis request


Post by esteban31 » 27 Oct 2009, 21:39

Hello.

For the past few weeks, my PC has been starting up more and more slowly, and Firefox also takes a very long time to open. Could you please carry out a log analysis?

Thank you.

Esteban.

PS: sorry, but I can't manage to create a link to describe my config (I did read your tutorials, but I must not be very good at this).
So I'm describing it here:

* Operating system + version:
    * Windows XP SP3

* Security configuration
    o Firewall + version
        * ZoneAlarm free firewall
    o Antivirus
        * Avast
    o Anti-trojan
        * Spybot S&D
        * SpywareGuard
    o User rights restriction
    o Windows services restriction
    o Active integrity checker (tea-timer, adwatch, Processguard registry)
        * Spybot S&D tea-timer
    o Browsing protection
        * SpywareBlaster

* System monitoring
    * Spybot

* System optimization configuration
    o File cleaner
        * CCleaner
    o Registry cleaner

* Internet browsing
    o Connection type
        * ADSL
    o Connection monitoring
    o Browser
        * Firefox 1.5.0.1
    o E-mail client
    o Instant messaging
        * messenger
    o Other




Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3043
Windows 5.1.2600 Service Pack 3

27/10/2009 21:21:47
mbam-log-2009-10-27 (21-21-47).txt

Type de recherche: Examen rapide
Eléments examinés: 110072
Temps écoulé: 5 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
esteban31
Posts: 64
Joined: 19 Oct 2006, 18:26

Post by esteban31 » 27 Oct 2009, 21:39

OTL logfile created on: 27/10/2009 21:27:57 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\JC\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,47 Mb Total Physical Memory | 132,13 Mb Available Physical Memory | 25,83% Memory free
1,22 Gb Paging File | 0,67 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,32 Gb Free Space | 32,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,99 Gb Total Space | 27,85 Gb Free Space | 50,64% Space Free | Partition Type: NTFS
Drive F: | 8,79 Gb Total Space | 8,74 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive G: | 9,77 Gb Total Space | 9,72 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 9,33 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive I: | 48,01 Gb Total Space | 6,51 Gb Free Space | 13,56% Space Free | Partition Type: NTFS

Computer Name: ESTEBAN
Current User Name: JC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/27 21:07:49 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
PRC - [2009/09/14 20:22:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- E:\firefox\firefox.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Avast\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast\ashServ.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Avast\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Avast\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Avast\aswUpdSv.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/29 20:02:39 | 00,188,416 | ---- | M] (Canal+ Active) -- C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
PRC - [2009/04/02 15:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- I:\iTunes\iTunesHelper.exe
PRC - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- E:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/23 21:21:58 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/16 08:45:19 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2008/09/02 13:33:22 | 00,048,640 | ---- | M] (tzuk) -- E:\Sandboxie\SbieSvc.exe
PRC - [2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- E:\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- E:\Activesync\Wcescomm.exe
PRC - [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- E:\Activesync\rapimgr.exe
PRC - [2003/08/29 18:05:35 | 00,360,448 | ---- | M] () -- E:\SpywareGuard\sgmain.exe
PRC - [2003/08/29 10:14:56 | 00,233,472 | ---- | M] () -- E:\SpywareGuard\sgbhp.exe
PRC - [2003/06/09 03:07:00 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2003/05/02 08:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Creative Service for CDROM Access [Auto | Stopped])
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/29 20:02:39 | 00,188,416 | ---- | M] (Canal+ Active) -- C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD [Auto | Running])
SRV - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/01/23 21:21:58 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/09/02 13:33:22 | 00,048,640 | ---- | M] (tzuk) -- E:\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007/01/04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/05/02 08:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/11/20 20:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/09/02 13:33:22 | 00,100,352 | ---- | M] (tzuk) -- E:\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
DRV - [2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2004/12/13 22:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/05 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/06/09 02:45:04 | 00,116,416 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2003/06/09 02:44:52 | 00,136,448 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/06/09 02:44:36 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/06/09 02:44:32 | 00,113,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/06/09 02:44:22 | 00,494,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/06/09 02:42:58 | 00,186,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/06/09 02:42:44 | 00,135,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2003/06/09 02:42:28 | 00,819,984 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/05/02 08:19:00 | 01,312,555 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/18 15:05:00 | 00,116,924 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Running])
DRV - [2002/11/18 15:05:00 | 00,010,814 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Running])
DRV - [2002/09/10 02:45:50 | 00,041,728 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2002/09/06 07:40:16 | 00,549,368 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/08/13 23:00:00 | 00,093,594 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr [Boot | Running])
DRV - [2002/08/13 23:00:00 | 00,013,782 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr [Boot | Running])
DRV - [2002/04/01 06:15:00 | 00,004,816 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 23:04:46 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\camdrv21.sys -- (camvid20 [On_Demand | Running])
DRV - [2001/08/17 21:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/27 21:07:49 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
MOD - [2008/04/14 03:30:54 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2003/06/09 03:07:08 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctagent.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\S-1-5-21-861567501-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\S-1-5-21-861567501-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.free.fr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 21:15:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/02 20:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: E:\firefox\components [2009/09/15 20:43:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: E:\firefox\plugins [2009/09/14 20:22:30 | 00,000,000 | ---D | M]

[2008/06/19 22:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Extensions
[2008/06/19 22:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/27 17:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Firefox\Profiles\vl1zla0p.default\extensions
[2009/09/02 22:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Firefox\Profiles\vl1zla0p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/15 10:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Firefox\Profiles\vl1zla0p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: (338733 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 11614 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKU\S-1-5-21-861567501-2052111302-839522115-1003\..\Toolbar\WebBrowser: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O4 - HKLM..\Run: [avast!] E:\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] I:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] E:\OUTPOS~1\feedback.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\Run: [H/PC Connection Agent] E:\Activesync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = E:\Acrobat Reader\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\JC\Menu Démarrer\Programmes\Démarrage\Pinnacle Systems - Studio Family.lnk = E:\StudioPCTV\ERegister\Remind32.exe File not found
O4 - Startup: C:\Documents and Settings\JC\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = E:\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Activesync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Activesync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - E:\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll File not found
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-2052111302-839522115-1003\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - E:\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/19 20:32:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/20 19:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JC\Application Data\ArcSoft
[2009/10/27 21:07:48 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
[2009/10/20 19:48:38 | 00,000,000 | ---D | C] -- E:\Mes documents - JC\My Albums
[2009/10/20 19:48:37 | 00,000,000 | ---D | C] -- E:\Mes documents - JC\My Pictures
[2009/10/14 13:16:43 | 00,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/27 21:27:18 | 15,605,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/27 21:07:49 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
[2009/10/27 20:59:43 | 00,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/27 20:59:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/27 20:59:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 20:59:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 20:59:02 | 53,638,3488 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/27 20:46:21 | 00,190,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/27 20:46:21 | 00,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/10/27 20:46:21 | 00,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/10/27 20:46:21 | 00,016,348 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/10/27 20:46:21 | 00,016,348 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/10/27 20:46:21 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/27 20:46:21 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/27 20:46:21 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000002-80671102}.dat
[2009/10/27 20:46:21 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000D-00001102-00000002-80671102}.dat
[2009/10/27 20:45:45 | 03,382,339 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000002-80671102}.CDF
[2009/10/27 20:45:44 | 03,382,339 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000002-80671102}.BAK
[2009/10/25 18:36:37 | 00,503,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/10/25 18:36:37 | 00,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 18:36:37 | 00,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/10/25 18:36:36 | 00,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/25 18:36:35 | 01,102,320 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/20 19:39:31 | 01,325,774 | ---- | M] () -- C:\Documents and Settings\JC\Bureau\plan.bmp
[2009/10/14 13:14:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 21:13:14 | 00,000,477 | ---- | M] () -- C:\Documents and Settings\JC\Bureau\IZArc.lnk
[2009/10/02 19:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 12:03:53 | 00,338,733 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Files - No Company Name ==========
[2009/10/20 19:39:30 | 01,325,774 | ---- | C] () -- C:\Documents and Settings\JC\Bureau\plan.bmp
[2009/10/12 21:13:14 | 00,000,477 | ---- | C] () -- C:\Documents and Settings\JC\Bureau\IZArc.lnk
[2009/08/12 21:02:53 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2009/08/12 21:02:53 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2009/08/12 21:02:20 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/04/16 07:54:56 | 00,002,439 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/27 15:04:00 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\JC\Application Data\$_hpcst$.hpc
[2009/01/27 23:05:33 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\JC\Application Data\Settings.cfg
[2009/01/23 21:27:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/01/23 21:19:16 | 00,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2009/01/23 21:19:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2009/01/23 21:17:18 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/01/23 21:17:18 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/01/23 21:15:33 | 00,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670F.ini
[2008/10/31 18:41:14 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/16 09:35:25 | 05,903,688 | -H-- | C] () -- C:\Documents and Settings\JC\Local Settings\Application Data\IconCache.db
[2008/09/04 20:52:37 | 00,001,936 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2008/06/29 20:24:34 | 00,000,040 | ---- | C] () -- C:\WINDOWS\navigma.INI
[2008/06/20 23:19:50 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/06/20 23:19:19 | 00,035,674 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/06/20 23:19:19 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/20 23:19:09 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/06/20 23:19:09 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/06/20 15:46:58 | 00,099,840 | ---- | C] () -- C:\Documents and Settings\JC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 14:41:40 | 00,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/06/20 07:42:38 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/06/20 07:27:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\tsctv.ini
[2008/06/19 22:18:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/19 22:14:41 | 00,003,275 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/19 22:14:39 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/06/19 21:45:37 | 00,000,873 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/19 20:38:20 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/19 20:37:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\JC\Application Data\desktop.ini
[2008/05/22 23:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 23:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 23:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 23:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004/08/05 11:00:00 | 00,000,738 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/05 11:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>
esteban31

Posts: 64
Joined: 19 Oct 2006, 18:26

Post by esteban31 » 27 Oct 2009, 21:41

OTL Extras logfile created on: 27/10/2009 21:27:57 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\JC\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,47 Mb Total Physical Memory | 132,13 Mb Available Physical Memory | 25,83% Memory free
1,22 Gb Paging File | 0,67 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,32 Gb Free Space | 32,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,99 Gb Total Space | 27,85 Gb Free Space | 50,64% Space Free | Partition Type: NTFS
Drive F: | 8,79 Gb Total Space | 8,74 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive G: | 9,77 Gb Total Space | 9,72 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 9,33 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive I: | 48,01 Gb Total Space | 6,51 Gb Free Space | 13,56% Space Free | Partition Type: NTFS

Computer Name: ESTEBAN
Current User Name: JC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "E:\office 2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office 2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- E:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- E:\Canon logiciels\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- E:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"E:\Activesync\rapimgr.exe" = E:\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Activesync\wcescomm.exe" = E:\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Activesync\WCESMgr.exe" = E:\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"E:\Activesync\rapimgr.exe" = E:\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Activesync\wcescomm.exe" = E:\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Activesync\WCESMgr.exe" = E:\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"I:\iTunes\iTunes.exe" = I:\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\eMule2\emule.exe" = E:\eMule2\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"E:\BitLord\BitLord.exe" = E:\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04DA096D-6236-4A5D-8FB6-3081E67009BA}" = CANAL WIDGET
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 15
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1036-7B44-A70700000002}" = Adobe Reader 7.0.7 - Français
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C24FE0B8-0A25-42E6-8532-A4ABAA1FA400}" = EPSON Photo Print
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agnitum Outpost Firewall Pro" = Agnitum Outpost Firewall Pro
"Architecte 3D Classic" = Micro Application - Architecte 3D Classic
"avast!" = avast! Antivirus
"BitLord" = BitLord 1.1
"CA_VMN_antispyware" = CA VMN Anti-Spyware (remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Capture Setup" = Capture Setup
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D Pilote WIA
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"miroVIDEO PCTV" = Studio PCTV
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sandboxie" = Sandboxie 3.30
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"TorrentMan Toolbar" = TorrentMan Toolbar
"VLC media player" = VLC media player 0.9.4
"vmntoolbar" = VMN Toolbar
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 19/06/2008 17:24:29 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 13/08/2008 02:51:13 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://heanet.dl.sourceforge.net/source ... .3.7-7.iso failed,
00000084.

Error - 13/08/2008 14:58:50 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dfn.dl.sourceforge.net/sourcefor ... .3.7-7.iso failed,
00000084.

Error - 13/08/2008 15:41:40 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://surfnet.dl.sourceforge.net/sourc ... .3.3-0.iso
failed, 0000001E.

Error - 13/08/2008 15:42:54 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://switch.dl.sourceforge.net/source ... .3.7-7.iso failed,
00000084.

Error - 21/08/2008 09:52:08 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\JC\Local Settings\Application Data\Mozilla\Firefox\Profiles\vl1zla0p.default\Cache\AF4A7214d01
failed, 0000A413.

Error - 02/10/2009 03:37:11 | Computer Name = ESTEBAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://test-debit.free.fr/image.iso failed, 00000084.

[ Application Events ]
Error - 26/08/2009 02:20:38 | Computer Name = ESTEBAN | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3498, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/08/2009 02:20:41 | Computer Name = ESTEBAN | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3498, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/08/2009 02:20:42 | Computer Name = ESTEBAN | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3498, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/09/2009 17:14:52 | Computer Name = ESTEBAN | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3498, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/09/2009 07:31:26 | Computer Name = ESTEBAN | Source = Application Error | ID = 1000
Description = Application défaillante realplay.exe, version 11.0.0.468, module défaillant
rjbdll.dll, version 1.0.5.68, adresse de défaillance 0x00086300.

Error - 07/10/2009 13:27:39 | Computer Name = ESTEBAN | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3526, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/10/2009 13:27:42 | Computer Name = ESTEBAN | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3526, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/10/2009 15:40:46 | Computer Name = ESTEBAN | Source = Application Error | ID = 1000
Description = Application défaillante acrord32.exe, version 7.0.7.142, module défaillant
acrord32.dll, version 7.0.7.142, adresse de défaillance 0x00012223.

Error - 23/10/2009 07:22:27 | Computer Name = ESTEBAN | Source = Application Error | ID = 1000
Description = Application défaillante acrord32.exe, version 7.0.7.142, module défaillant
acrord32.dll, version 7.0.7.142, adresse de défaillance 0x00012223.

[ Canal+ Events ]
Error - 17/04/2009 14:56:38 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Thread was being aborted.

Error - 18/04/2009 15:37:05 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Thread was being aborted.

Error - 19/04/2009 14:56:13 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = IdentityHandler : Thread was being aborted.

Error - 19/04/2009 14:56:13 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Thread was being aborted.

Error - 21/04/2009 11:48:28 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = IdentityHandler : Thread was being aborted.

Error - 21/04/2009 11:48:28 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Thread was being aborted.

Error - 22/04/2009 03:33:00 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = IdentityHandler : Thread was being aborted.

Error - 22/04/2009 03:33:00 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Thread was being aborted.

Error - 21/07/2009 15:27:59 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Le thread a été abandonné.

Error - 11/09/2009 05:12:31 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Le thread a été abandonné.

[ System Events ]
Error - 25/10/2009 15:51:38 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 26/10/2009 03:34:41 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 26/10/2009 04:06:11 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 26/10/2009 05:57:25 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 26/10/2009 07:23:53 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 26/10/2009 08:58:56 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 27/10/2009 04:11:47 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 27/10/2009 12:23:30 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 27/10/2009 15:06:00 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 27/10/2009 15:59:32 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2


<End>
esteban31
 
Posts: 64
Joined: 19 Oct 2006, 18:26

Post by nickW » 28 Oct 2009, 19:17

Good evening,


1/ For your config, can you create a new topic in the "Mes configs" sub-forum ( http://assiste.forum.free.fr/viewforum.php?f=111 ) with your username (esteban31) as its title, and containing this:
* Operating system + version:

* Windows XP SP3

* Security configuration
o Firewall + version
* ZoneAlarm free firewall
o Antivirus
* Avast
o Anti-trojan
* Spybot S&D
* Spywaregard

o User rights restriction
o Windows services restriction
o Active integrity checker (tea-timer, adwatch, Processguard registry)
* Spybot S&D tea-timer
o Browsing protection
* Spywareblaster


* System monitoring
* Spybot

* System optimization configuration
o File cleaner
* Ccleaner
o Registry cleaner

* Internet browsing
o Connection type
* ADSL
o Connection monitoring
o Browser
* Firefox 1.5.0.1
o E-mail client
o Instant messaging
* messenger
o Other

I will do the layout and create the link in your signature.




2/ There are leftovers from Outpost and Kaspersky. I assume you installed them and then uninstalled them (incompletely).



3/ You installed the Spybot-S&D hosts file (or another hosts file).

Did you think of disabling the DNS Client service?

Disabling the DNS Client service
Open the services management console:
Start--->Run
Type services.msc then click OK

Scroll down to DNS Client
Right-click it and choose Properties
Check that the "Path to executable" box does contain C:\WINDOWS\system32\svchost.exe -k NetworkService
Under Service status, click Stop (if it is not already stopped)
Click Apply,
Under Startup type, choose Disabled
Click Apply, then OK

Restart the PC.

Explanation: http://assiste.com.free.fr/p/hosts/host ... hosts.html

Note: this procedure is harmless and reversible.

Is the PC faster (or less slow)?


4/ What happens if you launch "Firefox in safe mode" (I put it in quotation marks because it is not the system that must be in safe mode, only Firefox)?

To do this:

*- Close all open Firefox windows

*- Start---->Run
type exactly
firefox.exe¤-safe-mode
(the ¤ character represents a space)
then click OK

Is Firefox's launch much faster?
Is browsing smoother? (Note: as Firefox is running without any extension - security or otherwise - do not visit "dangerous" sites)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
Mes configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by esteban31 » 28 Oct 2009, 22:29

Hello.
Thanks for the config :-)

Otherwise, I carried out the procedure described.
In safe mode, it seems that Firefox does indeed launch a little faster, but it is not striking.
Then, after restarting the PC again, I did not notice any big improvement: the PC's startup is fairly slow and so is Firefox's. But after that, browsing is perfectly smooth, and if I relaunch Firefox, the launch time is perfectly fine.
In fact it is the first launch of Firefox that is slow...
esteban31

Posts: 64
Joined: 19 Oct 2006, 18:26

Post by nickW » 29 Oct 2009, 01:45

Re-


0/ Your config and your signature are magnificent!



1/ In Firefox, Tools menu ----> Options, Advanced tab, Update tab, have you enabled automatic checking for updates?

If you disable it, is Firefox's launch (after restarting the PC) faster?



2/ Can you change the Startup type of a service:

Service
Open the services management console:
Start--->Run
Type services.msc then click OK

Scroll down to Creative Service for CDROM Access
Right-click it and choose Properties
Check that the "Path to executable" box does contain C:\WINDOWS\system32\CTSvcCDA.EXE
Under Service status, click Stop (if it is not already stopped)
Click Apply,
Under Startup type, choose Manual
Click Apply, then OK

Is the PC's restart faster?



3/ You did not answer about Outpost and Kaspersky, but if you really wanted to uninstall them, do the following:

Step 1: OTL (by OldTimer), cleanup
Open a Notepad window via Start---->Run, type notepad then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:otl
DRV - [2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
O4 - HKLM..\Run: [OutpostFeedBack] E:\OUTPOS~1\feedback.exe File not found
O9 - Extra Button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - E:\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll File not found

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name OTL-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: esteban31.
If you are not THIS user, do not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
avast!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"
SpywareGuard: In the system tray (the area just to the left of the clock) double-click the SpywareGuard "SG" icon. In the "File" menu choose "Exit".
TeaTimer from Spybot-S&D: right-click the Spybot-S&D Resident icon in the system tray (next to the clock), then choose "Exit Spybot-S&D Resident".


Step 3: OTL (by OldTimer), cleanup
Double-click OTL.exe to launch the tool.
Open the OTL-1.txt file in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTL window, right-click in the box at the bottom named "Custom Scans/Fixes" and choose Paste.

Close all open program windows (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK then close OTL.


Step 4: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and those of the antispyware tools if the restart did not relaunch them.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split into several messages.

Important note: To send your reply(ies), do not create a new topic, but click the "Reply" button to continue in this thread.

To be continued,
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
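
The recurring Service Control Manager error 7000 and the "File not found" entries that the fix script above targets can be picked out of these logs mechanically. The following is an added example, not part of the original thread and not OTL's own code: a small triage script whose function names are hypothetical, run over a few lines copied (and trimmed) from the logs posted in this thread.

```python
import re
from collections import Counter

# Lines copied and trimmed from the logs posted in this thread.
SAMPLE_LOG = r"""
Error - 11/09/2009 05:12:31 | Computer Name = ESTEBAN | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Le thread a été abandonné.

[ System Events ]
Error - 26/10/2009 03:34:41 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 27/10/2009 15:59:32 | Computer Name = ESTEBAN | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

SRV - File not found -- -- (Creative Service for CDROM Access [On_Demand | Stopped])
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
O4 - HKLM..\Run: [OutpostFeedBack] E:\OUTPOS~1\feedback.exe File not found
O9 - Extra Button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - E:\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll File not found
"""

# Header line of one event record as OTL prints it.
EVENT_HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
    r" \| Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?)"
    r" \| ID = (?P<id>\d+)\s*$")
# Service line whose binary is missing: SRV - File not found -- -- (Name [Start | State])
MISSING_SRV = re.compile(
    r"^SRV - File not found -- .*\((?P<name>.+?) \[[^|\]]+ \| [^\]]+\]\)\s*$")
# Other entries (O4 autoruns, O9 IE buttons, ...) that end in "File not found".
MISSING_OTHER = re.compile(r"^(?P<kind>O\d+) - (?P<entry>.*?)\s+File not found\s*$")


def parse_events(text):
    """Return one dict per event record, joining wrapped description lines."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT_HEADER.match(line)
        if m:
            current = {"level": m["level"], "when": m["when"],
                       "source": m["source"], "id": int(m["id"]),
                       "description": ""}
            events.append(current)
        elif current is not None and line.startswith("Description = "):
            current["description"] = line[len("Description = "):].strip()
        elif current is not None and line.strip() and current["description"]:
            current["description"] += " " + line.strip()  # wrapped line
        else:
            current = None  # a blank or unrelated line closes the record
    return events


def recurring_errors(events, min_count=2):
    """Group identical (source, id, description) events and keep the repeats."""
    counts = Counter((e["source"], e["id"], e["description"]) for e in events)
    return {key: n for key, n in counts.items() if n >= min_count}


def missing_targets(text):
    """List (kind, label) for every entry whose file the scan did not find."""
    found = []
    for line in text.splitlines():
        m = MISSING_SRV.match(line)
        if m:
            found.append(("SRV", m["name"]))
            continue
        m = MISSING_OTHER.match(line)
        if m:
            found.append((m["kind"], m["entry"]))
    return found


def services_failing_to_start(text):
    """Map each service with a missing binary to the number of Service
    Control Manager 7000 (service failed to start) events that name it.
    %%2 in those events is Win32 error 2, file not found."""
    events = parse_events(text)
    result = {}
    for kind, name in missing_targets(text):
        if kind == "SRV":
            result[name] = sum(
                1 for e in events
                if e["source"] == "Service Control Manager"
                and e["id"] == 7000 and name in e["description"])
    return result


if __name__ == "__main__":
    for key, n in recurring_errors(parse_events(SAMPLE_LOG)).items():
        print(n, "x", key)
    for kind, label in missing_targets(SAMPLE_LOG):
        print("missing:", kind, label)
    print(services_failing_to_start(SAMPLE_LOG))
```
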

Post by esteban31 » 01 Nov 2009, 19:25

Hello
Thanks for the signature

So, in order:
1/ No, Firefox's startup is not faster

2/ Check that the "Path to executable" box does contain C:\WINDOWS\system32\CTSvcCDA.EXE
yes, except that the file name is: CTsvcCDA.EXE (lowercase instead of uppercase, but I do not think that matters)

Otherwise the PC's startup is perhaps faster, but it is not striking

3/ yes, I had installed "outpost" and indeed uninstalled it, but as for "kaspersky" I do not think so (no memory of having installed it)

note: during step 3, an error message was displayed: "Range check error"

OTL fix report

All processes killed
Error: Unable to interpret <emptytemp> in the current context!

OTL by OldTimer - Version 3.0.22.1 log created on 11012009_190222

Files\Folders moved on Reboot...
C:\Documents and Settings\JC\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\WINDOWS\temp\JET72FE.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_268.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_794.dat not found!
C:\WINDOWS\temp\ZLT02430.TMP moved successfully.
C:\WINDOWS\temp\ZLT02433.TMP moved successfully.

Registry entries deleted on Reboot...
esteban31
 
Posts: 64
Joined: 19 Oct 2006, 18:26

Post by esteban31 » 01 Nov 2009, 19:26

OTL logfile created on: 01/11/2009 19:09:23 - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\JC\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,47 Mb Total Physical Memory | 94,21 Mb Available Physical Memory | 18,42% Memory free
1,22 Gb Paging File | 0,67 Gb Available in Paging File | 54,95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,71 Gb Free Space | 34,38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,99 Gb Total Space | 29,52 Gb Free Space | 53,68% Space Free | Partition Type: NTFS
Drive F: | 8,79 Gb Total Space | 8,74 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive G: | 9,77 Gb Total Space | 9,72 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 9,33 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive I: | 48,01 Gb Total Space | 6,61 Gb Free Space | 13,77% Space Free | Partition Type: NTFS

Computer Name: ESTEBAN
Current User Name: JC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/28 21:56:26 | 00,307,704 | ---- | M] (Mozilla Corporation) -- E:\firefox\firefox.exe
PRC - [2009/10/27 21:07:49 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Avast\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast\ashServ.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Avast\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Avast\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Avast\aswUpdSv.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/29 20:02:39 | 00,188,416 | ---- | M] (Canal+ Active) -- C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
PRC - [2009/04/02 15:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- I:\iTunes\iTunesHelper.exe
PRC - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- E:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/23 21:21:58 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/16 08:45:19 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2008/09/02 13:33:22 | 00,048,640 | ---- | M] (tzuk) -- E:\Sandboxie\SbieSvc.exe
PRC - [2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- E:\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- E:\Activesync\Wcescomm.exe
PRC - [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- E:\Activesync\rapimgr.exe
PRC - [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- E:\Acrobat Reader\Reader\reader_sl.exe
PRC - [2003/08/29 18:05:35 | 00,360,448 | ---- | M] () -- E:\SpywareGuard\sgmain.exe
PRC - [2003/08/29 10:14:56 | 00,233,472 | ---- | M] () -- E:\SpywareGuard\sgbhp.exe
PRC - [2003/06/09 03:07:00 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2003/05/02 08:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Creative Service for CDROM Access [On_Demand | Stopped])
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/29 20:02:39 | 00,188,416 | ---- | M] (Canal+ Active) -- C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD [Auto | Running])
SRV - [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/01/23 21:21:58 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/09/02 13:33:22 | 00,048,640 | ---- | M] (tzuk) -- E:\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/04/14 03:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007/01/04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/05/02 08:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/11/20 20:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/09/02 13:33:22 | 00,100,352 | ---- | M] (tzuk) -- E:\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
DRV - [2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/12/13 22:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/05 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/06/09 02:45:04 | 00,116,416 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2003/06/09 02:44:52 | 00,136,448 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/06/09 02:44:36 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/06/09 02:44:32 | 00,113,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/06/09 02:44:22 | 00,494,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/06/09 02:42:58 | 00,186,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/06/09 02:42:44 | 00,135,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2003/06/09 02:42:28 | 00,819,984 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/05/02 08:19:00 | 01,312,555 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/18 15:05:00 | 00,116,924 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Running])
DRV - [2002/11/18 15:05:00 | 00,010,814 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Running])
DRV - [2002/09/10 02:45:50 | 00,041,728 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2002/09/06 07:40:16 | 00,549,368 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/08/13 23:00:00 | 00,093,594 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr [Boot | Running])
DRV - [2002/08/13 23:00:00 | 00,013,782 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr [Boot | Running])
DRV - [2002/04/01 06:15:00 | 00,004,816 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 23:04:46 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\camdrv21.sys -- (camvid20 [On_Demand | Running])
DRV - [2001/08/17 21:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/27 21:07:49 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
MOD - [2008/04/14 03:30:54 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2003/06/09 03:07:08 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctagent.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\S-1-5-21-861567501-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-2052111302-839522115-1003\S-1-5-21-861567501-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.free.fr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 21:15:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/02 20:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: E:\firefox\components [2009/10/28 22:01:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: E:\firefox\plugins [2009/10/28 21:56:31 | 00,000,000 | ---D | M]

[2008/06/19 22:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Extensions
[2008/06/19 22:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/30 18:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Firefox\Profiles\vl1zla0p.default\extensions
[2009/09/02 22:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Firefox\Profiles\vl1zla0p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/15 10:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JC\Application Data\mozilla\Firefox\Profiles\vl1zla0p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: (338733 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11614 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKU\S-1-5-21-861567501-2052111302-839522115-1003\..\Toolbar\WebBrowser: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O4 - HKLM..\Run: [avast!] E:\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] I:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\Run: [H/PC Connection Agent] E:\Activesync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-861567501-2052111302-839522115-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = E:\Acrobat Reader\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\JC\Menu Démarrer\Programmes\Démarrage\Pinnacle Systems - Studio Family.lnk = E:\StudioPCTV\ERegister\Remind32.exe File not found
O4 - Startup: C:\Documents and Settings\JC\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = E:\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Activesync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Activesync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-2052111302-839522115-1003\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - E:\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/19 20:32:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/20 19:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JC\Application Data\ArcSoft
[2009/11/01 18:58:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/27 21:07:48 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
[2009/10/20 19:48:38 | 00,000,000 | ---D | C] -- E:\Mes documents - JC\My Albums
[2009/10/20 19:48:37 | 00,000,000 | ---D | C] -- E:\Mes documents - JC\My Pictures
[2009/10/14 13:16:43 | 00,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2009/11/01 19:04:26 | 00,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/01 19:04:21 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/01 19:04:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/01 19:03:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/01 19:03:45 | 53,638,3488 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/01 19:02:59 | 16,801,824 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/01 19:02:59 | 00,205,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/01 19:02:59 | 00,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/11/01 19:02:59 | 00,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/11/01 19:02:59 | 00,016,348 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/11/01 19:02:59 | 00,016,348 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000D-00001102-00000002-80671102}.rfx
[2009/11/01 19:02:59 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/11/01 19:02:59 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/11/01 19:02:59 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000002-80671102}.dat
[2009/11/01 19:02:59 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000D-00001102-00000002-80671102}.dat
[2009/11/01 19:02:28 | 03,382,339 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000002-80671102}.CDF
[2009/11/01 19:02:27 | 03,382,339 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000002-80671102}.BAK
[2009/10/29 10:02:32 | 00,000,904 | ---- | M] () -- E:\Mes documents - JC\assedicMP.htm
[2009/10/27 21:07:49 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JC\Bureau\OTL.exe
[2009/10/25 18:36:37 | 00,503,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/10/25 18:36:37 | 00,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 18:36:37 | 00,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/10/25 18:36:36 | 00,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/25 18:36:35 | 01,102,320 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/20 19:39:31 | 01,325,774 | ---- | M] () -- C:\Documents and Settings\JC\Bureau\plan.bmp
[2009/10/14 13:14:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 21:13:14 | 00,000,477 | ---- | M] () -- C:\Documents and Settings\JC\Bureau\IZArc.lnk

========== Files - No Company Name ==========
[2009/10/29 10:02:30 | 00,000,904 | ---- | C] () -- E:\Mes documents - JC\assedicMP.htm
[2009/10/20 19:39:30 | 01,325,774 | ---- | C] () -- C:\Documents and Settings\JC\Bureau\plan.bmp
[2009/10/12 21:13:14 | 00,000,477 | ---- | C] () -- C:\Documents and Settings\JC\Bureau\IZArc.lnk
[2009/08/12 21:02:53 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2009/08/12 21:02:53 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2009/08/12 21:02:20 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/04/16 07:54:56 | 00,002,439 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/27 15:04:00 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\JC\Application Data\$_hpcst$.hpc
[2009/01/27 23:05:33 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\JC\Application Data\Settings.cfg
[2009/01/23 21:27:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/01/23 21:19:16 | 00,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2009/01/23 21:19:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2009/01/23 21:17:18 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/01/23 21:17:18 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/01/23 21:15:33 | 00,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670F.ini
[2008/10/31 18:41:14 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/10/16 09:35:25 | 05,903,688 | -H-- | C] () -- C:\Documents and Settings\JC\Local Settings\Application Data\IconCache.db
[2008/09/04 20:52:37 | 00,001,936 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2008/06/29 20:24:34 | 00,000,040 | ---- | C] () -- C:\WINDOWS\navigma.INI
[2008/06/20 23:19:50 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/06/20 23:19:19 | 00,035,674 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/06/20 23:19:19 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/20 23:19:09 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/06/20 23:19:09 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/06/20 15:46:58 | 00,099,840 | ---- | C] () -- C:\Documents and Settings\JC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 14:41:40 | 00,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/06/20 07:42:38 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/06/20 07:27:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\tsctv.ini
[2008/06/19 22:18:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/19 22:14:41 | 00,003,275 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/19 22:14:39 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/06/19 21:45:37 | 00,000,873 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/19 20:38:20 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/19 20:37:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\JC\Application Data\desktop.ini
[2008/05/22 23:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 23:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 23:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 23:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004/08/05 11:00:00 | 00,000,738 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/05 11:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>

Post by esteban31 » 06 Nov 2009, 21:39

Hello.

Is any information missing for the analysis?

Esteban.

Post by nickW » 08 Nov 2009, 01:25

Good evening,

I don't see anything infectious in these OTL reports.


A few leads to explore (remember to restart the PC after each change):

*- try undoing the Spybot-S&D Immunization if you have applied it

*- check in Task Manager which processes use the most CPU %

*- use Spybot-S&D (Tools---->System Startup) to disable some processes that are "unnecessary at startup":
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = E:\Acrobat Reader\Reader\reader_sl.exe (Adobe Systems Incorporated)

*- clean the dust off the fans (PC unplugged)

*- defragment

*- temporarily disable SpywareGuard and/or Spybot-S&D's TeaTimer

*- check the properties of the IDE controller (only if you have IDE disks)
See in Device Manager, ATAPI/IDE Controller, Primary IDE Controller

*- do not use P2P software (eMule, BitLord)

(if you need explanations, don't hesitate to ask).

To be continued,
nickW
