Request for log analysis: slow and infested PC

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protection of browsers, browsing and privacy
Protecting the browser, browsing and privacy

Post by snoopit31 » 26 Mar 2010, 16:20

Hello,

Thank you for all the advice and the tutorial sheets for tracking down the malware that Bitdefender does not find.
My PC is getting slower and slower; I have the impression that it has put on weight in 3 years!!!!

Before moving on to the next step with HijackThis, to remove the services and applications that are not necessarily needed for normal use of my PC, I followed your advice. Surprise: Malwarebytes' Anti-Malware found three infected objects, whereas the deep scan and the system scan with Bitdefender that I reran afterwards found nothing.

During the OTL scan, I noticed that there were 22 "Application Data" directories and subdirectories in the "All Users" directory. Checking after the scan, I did indeed find this duplication of nested directories that all have the same names, but the number of files and the size decrease from 336,365 files in 577 folders and 1.44 GB down to 0 for the last one, and 32 bytes and 23 folders for the second-to-last. That does not seem normal to me. And scanning the directory takes longer and longer as you go down the tree of "Application Data" folders starting from "All Users". What should I do?

Here are my reports:

Malwarebytes report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3915
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

26/03/2010 08:39:24
mbam-log-2010-03-26 (08-39-22).txt

Type de recherche: Examen rapide
Eléments examinés: 174890
Temps écoulé: 15 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\RegistryDoktor 4.1 (Rogue.RegistryDoktor) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

OTL report

See the third post, because it was not sent in full in this one.
snoopit31
 

Continued: Extras file

Post by snoopit31 » 26 Mar 2010, 16:29

I forgot to mention that Bitdefender flagged a file, cxp.exe (I am no longer sure of the exact name, but it is an exe from Spoon sandbox), as possibly malicious and advised me to disable it, which I did.
As for the multiplying "Application Data" directories, they all have the same date, 12 July 2008.
There you go, in case it helps with the diagnosis.
Thanks
Charles

OTL Extras report

OTL Extras logfile created on: 26/03/2010 08:43:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Charles\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 23,59 Gb Free Space | 10,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 3,77 Gb Total Space | 0,10 Gb Free Space | 2,70% Space Free | Partition Type: FAT32

Computer Name: PC-FAMILIAL
Current User Name: Charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A44E0A2-1DC6-4AD1-AD9C-AF999C664DAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22ACAA64-F02F-4685-8718-BD8278F11F56}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{26701E2A-828D-43D2-A077-9AA210C27DD3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{424CA1E0-DEA8-44B9-A34C-5A237EE8D0B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{427D18EB-103E-49D3-9E20-2CEB159E3146}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B1A2C1E-1F3F-4F3C-8712-015CBDBEB4E3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4B4DD3AF-7E37-4C96-BF5C-FC883E954A6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{556219C2-70E0-4634-8043-0E0CBC9F7519}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B8CB999-6236-4FAA-8150-7CDCD69FE4A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DCE357E-F30D-4FA0-82C3-177CC40156F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D5AFCF5-568D-4053-A54E-07F495D2BA25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{903F88FF-B945-40AA-82FC-71B2178901BA}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9247D394-4650-4143-8AC5-1B5A70EAF411}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F9F08FD-CCB5-45E2-9EB1-A54F5BA09EE9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A46CA0C7-5409-4D7C-B904-582A35939A7F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC2873DE-89A2-4FCA-9FDE-CBE62E66326D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C0A87E5A-A5C2-447D-A96E-4EC27307364E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7CD659A-A3D5-47A5-B225-63993243234E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CD2124C7-1A2B-41D9-BCA2-02F1E8305B39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDA17D59-CC72-45CC-A151-4447DA0662C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D6E9A4D3-F182-4E9B-8D6E-0613812443C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D91B5D4F-6AE2-4523-913F-F0C6EBDFAD95}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DBC6AC76-74F5-48B5-9EC8-8A3C2AD9B268}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1E96A88-8E64-490D-B507-D76BBEFE3A99}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9EC7B81-C0D7-413C-9198-2D88BD4D1A9B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FE73DEA2-490B-4D51-A834-5E328ADC9C6F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02305D9D-85BA-449F-985D-50C0DDA60521}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{096A4831-CFC3-4B15-8B69-C881B4298566}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0F862AED-1280-4E57-A4D0-3A6CEFF0CDF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{12FC11B3-A78A-4943-A9B3-9A64AC80C1BD}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{19CD6D79-C23A-4539-B7FE-C8FDB3E7EDDE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C35BB3A-7A48-4B3F-9610-2256528C007D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{227CA952-7F7E-415E-95CB-971486111732}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2ABE8EB5-B07D-4616-9926-EFF4E87DB20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{3846E077-CEBF-4F4F-B7A5-8C617B44D432}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AE6FA2F-6369-46C0-9FBC-5785C55F498C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3B63195E-7BBC-4FFC-AB50-EF1A8AF58296}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48927FD0-6563-4482-9990-EF3EDDAF2399}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A23B538-6998-4E8D-B47E-E5F4178614DE}" = protocol=6 | dir=out | app=system |
"{4D34F827-D789-41E9-A047-9FBA33822967}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{4F073774-E8B6-46F3-A5B5-635B15162F63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{506D562E-D479-4456-9292-4B0B4C44ECAE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{578496E8-C87E-4722-B297-93BB3D46AF18}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{605E7F11-C927-4393-B531-106667455CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63B9EEBE-F0CB-4C76-B95A-A93E467BED1E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6DA3E214-8402-4E2E-9959-57CF698775E1}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{80BED819-853A-4C46-B1E4-C0A28417949A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{8620B72B-E841-43D5-A75E-E2425DBED0F4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{89265405-29CF-4309-8D09-7D6501288285}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{89BE78E1-CDCC-4DD1-A6C6-F3C1ACC9D057}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AE1D1A1-02AA-4EBE-B959-F711AF74974A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{959D4804-939D-40AB-A994-60F9B9FD8A9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{975E68A8-408E-44C7-A1F8-E54AD47B0605}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97CCC493-C165-443F-9589-77AFA29A5C1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3F699FF-2144-4C2E-B9B4-08DD2D5FA756}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AA5547FC-3C8B-4ECA-9690-13EA7718504A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC57165D-4B61-4731-BFD1-575BC360D50C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6F4744F-88FC-42B9-B0B0-054AEF88A51A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8393477-4A14-4306-9216-5DBB0CFFA428}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF5B9B2F-1990-43F5-A9B7-47338A86AD8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CE5AC4DA-86B8-4B37-A595-21FE80E22A4F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CE6BB0C2-FE4D-4459-B659-B0005316EF0F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D36D56B0-C268-4867-B1AA-D0DC62923811}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{E10A85B6-8551-40CE-8499-3C9EC021FC05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B2988F-D95A-4188-B871-9E4E8D6BCE16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFEBA83B-5621-4C8B-8023-15CB66573DE2}" = protocol=6 | dir=out | app=system |
"{F49730F5-866D-4583-8332-314103947F37}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FA0EAD20-C9B9-49FC-B61A-C79EE8A9B2E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{780993B1-427E-4AE2-89B2-BA5704E91E69}C:\users\charles\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\charles\program files\bittorrent_dna\dna.exe |
"TCP Query User{A5C0A701-E937-49D3-A9A8-DAFDAE349F20}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{15AAFD6D-3E18-4028-9EB2-F0332EF7B076}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{4A2BDC48-3BC5-40A9-AA66-46435DA6287F}C:\users\charles\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\charles\program files\bittorrent_dna\dna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004FFFFF-FF01-FF11-FF03-01F00F02F000}" = GDL Object Web Plug-in
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = FileViewerUtility 1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}" = Orange Plug-in messagerie vocale 888
"{1895A08A-0DEC-4855-B1F4-1B95FB39901B}" = BitDefender Total Security 2010
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3119E881-90A3-11D4-9E17-00A0C9CA2831}" = Corel OCR-Trace
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{428AF0B7-148E-45d7-898D-AA849BE9A284}" = Lotus Notes 6.51 fr
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC5C5C7-A247-4C25-BFC2-170E5423688E}" = Samsung PC Studio 3
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Edition Découverte 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{523B1E21-0B29-4402-9B8A-339086462028}_is1" = VirtualDub-MPEG2 v1.6.19 b24587 Fr
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66450A49-F7A1-4BE8-A626-609B8005ADB6}_is1" = ZNsoft Optimizer Xp
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E1205BF-25BC-44A5-B10E-34402BFF5D45}" = PHP 5.2.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{913D040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard licence Etudiants/Enseignants/Elèves
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10F672B-01C4-498F-ADBD-3E5B144284B7}_is1" = Tomtomax Maxi-Box V2.0.18
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.1 - Français
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = RemoteCapture 2.6
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}" = Microsoft Sites publics français
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon Camera WIA Driver
"{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}" = Canon Camera WIA Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C121E4BA-00CB-4229-88DD-B832BBBB9DCF}" = EPSON Photo!4 Ver1.7
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}" = OFFICE One Fonts v7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilitaire de configuration iPhone
"{FBF177D0-16A0-F742-A624-4129BBB9CEC9}" = GeneaSoft par GeneaNet
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.55 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amaya" = Amaya
"Applet_App" = Applet_App
"Applet_Copy" = Applet_Copy
"Applet_Creativity" = Applet_Creativity
"Applet_Email" = Applet_Email
"Applet_Epp" = Applet_Epp
"Applet_File" = Applet_File
"Applet_OCR" = Applet_OCR
"Applet_Web" = Applet_Web
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5322
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Copy Utility" = Copy Utility
"CREATOR9" = Creator 9
"DebugBar" = DebugBar v5.3 pour Internet Explorer (supprimer seulement)
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Photo Print" = EPSON Photo Print
"EPSON Scanner" = EPSON Scan
"EPSON Smart Panel" = EPSON Smart Panel
"ERUNT_is1" = ERUNT 1.1j
"F3200 Guide de référence" = F3200 Guide de référence
"FileZilla Client" = FileZilla Client 3.3.2
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free.fr" = Free - Kit de connexion
"FreePack" = FreePack
"Freeplayer" = Freeplayer
"Google Chrome" = Google Chrome
"Google Updater" = Outil de mise à jour Google
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GRISBI" = Grisbi 0.5.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 940c series" = hp deskjet 940c series (Supprimer uniquement)
"IETester" = IETester v0.4.2 (remove only)
"Infocentre" = Infocentre Rev. 2.0
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.46
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon IXY 320, PowerShot S230, IXUS v3 Pilote WIA
"InstallShield_{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}" = Canon PowerShot G3 Pilote WIA
"legacyqcam_10.51" = Coffret de pilotes Logitech Legacy USB Camera
"lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monAlbumPhoto_is1" = monAlbumPhoto
"Money2005b" = Microsoft Money
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MozBackup_is1" = MozBackup 1.4.6
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"MSMONEYV80" = Microsoft Money 2000 Standard
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2010_is1" = PC Wizard 2010.1.92
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PoiEdit" = PoiEdit
"Programme de désinstallation AOL" = AOL - Assistant de désinstallation
"PuTTY_is1" = PuTTY version 0.60
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Scribus 1.3.3.12" = Scribus 1.3.3.12
"SETUPMYPC_FR" = SetUp My PC
"Spyware Doctor" = Spyware Doctor 7.0
"SystemRequirementsLab" = System Requirements Lab
"telerama" = telerama Screen Saver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TvFreePlayer Tools" = TvFreePlayer Tools
"Update Service" = Update Service
"Updator" = Packard Bell Updator
"VIDEO_NVIDIA" = Video NVIDIA v97.19
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WampServer 2_is1" = WampServer 2.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinGimpSmartPrint2_is1" = SmartPrint26_20091022 for GIMP 2.6
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinLiveSuite_Wave3" = Installation Windows Live
"WinPcapInst" = WinPcap 4.0 alpha1
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 4.0.4
"XnView_is1" = XnView 1.92.1
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"pdfsam" = pdfsam
"Spoon Sandbox Manager 3.16" = Spoon Sandbox Manager 3.16
"Spoon Sandbox Manager 3.19" = Spoon Sandbox Manager 3.19

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

<End>
snoopit31
 
Posts: 7
Joined: 25 Mar 2010, 23:36

Full OTL report

Post by snoopit31 » 26 Mar 2010, 16:32

I am not sure the OTL report was sent in full; I don't see the <end> at the end.

OTL report

OTL Extras logfile created on: 26/03/2010 08:43:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Charles\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 23,59 Gb Free Space | 10,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 3,77 Gb Total Space | 0,10 Gb Free Space | 2,70% Space Free | Partition Type: FAT32

Computer Name: PC-FAMILIAL
Current User Name: Charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A44E0A2-1DC6-4AD1-AD9C-AF999C664DAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22ACAA64-F02F-4685-8718-BD8278F11F56}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{26701E2A-828D-43D2-A077-9AA210C27DD3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{424CA1E0-DEA8-44B9-A34C-5A237EE8D0B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{427D18EB-103E-49D3-9E20-2CEB159E3146}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B1A2C1E-1F3F-4F3C-8712-015CBDBEB4E3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4B4DD3AF-7E37-4C96-BF5C-FC883E954A6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{556219C2-70E0-4634-8043-0E0CBC9F7519}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B8CB999-6236-4FAA-8150-7CDCD69FE4A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DCE357E-F30D-4FA0-82C3-177CC40156F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D5AFCF5-568D-4053-A54E-07F495D2BA25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{903F88FF-B945-40AA-82FC-71B2178901BA}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9247D394-4650-4143-8AC5-1B5A70EAF411}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F9F08FD-CCB5-45E2-9EB1-A54F5BA09EE9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A46CA0C7-5409-4D7C-B904-582A35939A7F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC2873DE-89A2-4FCA-9FDE-CBE62E66326D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C0A87E5A-A5C2-447D-A96E-4EC27307364E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7CD659A-A3D5-47A5-B225-63993243234E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CD2124C7-1A2B-41D9-BCA2-02F1E8305B39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDA17D59-CC72-45CC-A151-4447DA0662C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D6E9A4D3-F182-4E9B-8D6E-0613812443C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D91B5D4F-6AE2-4523-913F-F0C6EBDFAD95}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DBC6AC76-74F5-48B5-9EC8-8A3C2AD9B268}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1E96A88-8E64-490D-B507-D76BBEFE3A99}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9EC7B81-C0D7-413C-9198-2D88BD4D1A9B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FE73DEA2-490B-4D51-A834-5E328ADC9C6F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02305D9D-85BA-449F-985D-50C0DDA60521}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{096A4831-CFC3-4B15-8B69-C881B4298566}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0F862AED-1280-4E57-A4D0-3A6CEFF0CDF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{12FC11B3-A78A-4943-A9B3-9A64AC80C1BD}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{19CD6D79-C23A-4539-B7FE-C8FDB3E7EDDE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C35BB3A-7A48-4B3F-9610-2256528C007D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{227CA952-7F7E-415E-95CB-971486111732}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2ABE8EB5-B07D-4616-9926-EFF4E87DB20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{3846E077-CEBF-4F4F-B7A5-8C617B44D432}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AE6FA2F-6369-46C0-9FBC-5785C55F498C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3B63195E-7BBC-4FFC-AB50-EF1A8AF58296}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48927FD0-6563-4482-9990-EF3EDDAF2399}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A23B538-6998-4E8D-B47E-E5F4178614DE}" = protocol=6 | dir=out | app=system |
"{4D34F827-D789-41E9-A047-9FBA33822967}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{4F073774-E8B6-46F3-A5B5-635B15162F63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{506D562E-D479-4456-9292-4B0B4C44ECAE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{578496E8-C87E-4722-B297-93BB3D46AF18}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{605E7F11-C927-4393-B531-106667455CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63B9EEBE-F0CB-4C76-B95A-A93E467BED1E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6DA3E214-8402-4E2E-9959-57CF698775E1}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{80BED819-853A-4C46-B1E4-C0A28417949A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{8620B72B-E841-43D5-A75E-E2425DBED0F4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{89265405-29CF-4309-8D09-7D6501288285}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{89BE78E1-CDCC-4DD1-A6C6-F3C1ACC9D057}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AE1D1A1-02AA-4EBE-B959-F711AF74974A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{959D4804-939D-40AB-A994-60F9B9FD8A9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{975E68A8-408E-44C7-A1F8-E54AD47B0605}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97CCC493-C165-443F-9589-77AFA29A5C1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3F699FF-2144-4C2E-B9B4-08DD2D5FA756}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AA5547FC-3C8B-4ECA-9690-13EA7718504A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC57165D-4B61-4731-BFD1-575BC360D50C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6F4744F-88FC-42B9-B0B0-054AEF88A51A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8393477-4A14-4306-9216-5DBB0CFFA428}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF5B9B2F-1990-43F5-A9B7-47338A86AD8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CE5AC4DA-86B8-4B37-A595-21FE80E22A4F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CE6BB0C2-FE4D-4459-B659-B0005316EF0F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D36D56B0-C268-4867-B1AA-D0DC62923811}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{E10A85B6-8551-40CE-8499-3C9EC021FC05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B2988F-D95A-4188-B871-9E4E8D6BCE16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFEBA83B-5621-4C8B-8023-15CB66573DE2}" = protocol=6 | dir=out | app=system |
"{F49730F5-866D-4583-8332-314103947F37}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FA0EAD20-C9B9-49FC-B61A-C79EE8A9B2E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{780993B1-427E-4AE2-89B2-BA5704E91E69}C:\users\charles\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\charles\program files\bittorrent_dna\dna.exe |
"TCP Query User{A5C0A701-E937-49D3-A9A8-DAFDAE349F20}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{15AAFD6D-3E18-4028-9EB2-F0332EF7B076}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{4A2BDC48-3BC5-40A9-AA66-46435DA6287F}C:\users\charles\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\charles\program files\bittorrent_dna\dna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004FFFFF-FF01-FF11-FF03-01F00F02F000}" = GDL Object Web Plug-in
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = FileViewerUtility 1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}" = Orange Plug-in messagerie vocale 888
"{1895A08A-0DEC-4855-B1F4-1B95FB39901B}" = BitDefender Total Security 2010
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3119E881-90A3-11D4-9E17-00A0C9CA2831}" = Corel OCR-Trace
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{428AF0B7-148E-45d7-898D-AA849BE9A284}" = Lotus Notes 6.51 fr
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC5C5C7-A247-4C25-BFC2-170E5423688E}" = Samsung PC Studio 3
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Edition Découverte 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{523B1E21-0B29-4402-9B8A-339086462028}_is1" = VirtualDub-MPEG2 v1.6.19 b24587 Fr
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66450A49-F7A1-4BE8-A626-609B8005ADB6}_is1" = ZNsoft Optimizer Xp
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E1205BF-25BC-44A5-B10E-34402BFF5D45}" = PHP 5.2.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{913D040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard licence Etudiants/Enseignants/Elèves
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10F672B-01C4-498F-ADBD-3E5B144284B7}_is1" = Tomtomax Maxi-Box V2.0.18
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.1 - Français
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = RemoteCapture 2.6
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}" = Microsoft Sites publics français
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon Camera WIA Driver
"{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}" = Canon Camera WIA Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C121E4BA-00CB-4229-88DD-B832BBBB9DCF}" = EPSON Photo!4 Ver1.7
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}" = OFFICE One Fonts v7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilitaire de configuration iPhone
"{FBF177D0-16A0-F742-A624-4129BBB9CEC9}" = GeneaSoft par GeneaNet
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.55 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amaya" = Amaya
"Applet_App" = Applet_App
"Applet_Copy" = Applet_Copy
"Applet_Creativity" = Applet_Creativity
"Applet_Email" = Applet_Email
"Applet_Epp" = Applet_Epp
"Applet_File" = Applet_File
"Applet_OCR" = Applet_OCR
"Applet_Web" = Applet_Web
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5322
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Copy Utility" = Copy Utility
"CREATOR9" = Creator 9
"DebugBar" = DebugBar v5.3 pour Internet Explorer (supprimer seulement)
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Photo Print" = EPSON Photo Print
"EPSON Scanner" = EPSON Scan
"EPSON Smart Panel" = EPSON Smart Panel
"ERUNT_is1" = ERUNT 1.1j
"F3200 Guide de référence" = F3200 Guide de référence
"FileZilla Client" = FileZilla Client 3.3.2
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free.fr" = Free - Kit de connexion
"FreePack" = FreePack
"Freeplayer" = Freeplayer
"Google Chrome" = Google Chrome
"Google Updater" = Outil de mise à jour Google
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GRISBI" = Grisbi 0.5.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 940c series" = hp deskjet 940c series (Supprimer uniquement)
"IETester" = IETester v0.4.2 (remove only)
"Infocentre" = Infocentre Rev. 2.0
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.46
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon IXY 320, PowerShot S230, IXUS v3 Pilote WIA
"InstallShield_{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}" = Canon PowerShot G3 Pilote WIA
"legacyqcam_10.51" = Coffret de pilotes Logitech Legacy USB Camera
"lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monAlbumPhoto_is1" = monAlbumPhoto
"Money2005b" = Microsoft Money
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MozBackup_is1" = MozBackup 1.4.6
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"MSMONEYV80" = Microsoft Money 2000 Standard
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2010_is1" = PC Wizard 2010.1.92
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PoiEdit" = PoiEdit
"Programme de désinstallation AOL" = AOL - Assistant de désinstallation
"PuTTY_is1" = PuTTY version 0.60
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Scribus 1.3.3.12" = Scribus 1.3.3.12
"SETUPMYPC_FR" = SetUp My PC
"Spyware Doctor" = Spyware Doctor 7.0
"SystemRequirementsLab" = System Requirements Lab
"telerama" = telerama Screen Saver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TvFreePlayer Tools" = TvFreePlayer Tools
"Update Service" = Update Service
"Updator" = Packard Bell Updator
"VIDEO_NVIDIA" = Video NVIDIA v97.19
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WampServer 2_is1" = WampServer 2.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinGimpSmartPrint2_is1" = SmartPrint26_20091022 for GIMP 2.6
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinLiveSuite_Wave3" = Installation Windows Live
"WinPcapInst" = WinPcap 4.0 alpha1
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 4.0.4
"XnView_is1" = XnView 1.92.1
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"pdfsam" = pdfsam
"Spoon Sandbox Manager 3.16" = Spoon Sandbox Manager 3.16
"Spoon Sandbox Manager 3.19" = Spoon Sandbox Manager 3.19

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

<End>

Post by nickW » 29 Mar 2010, 00:29

Good evening,

Initial remark:
you sent the Extras.Txt report twice, but not the OTL.Txt report.
Can you send the OTL.Txt report?



You have indeed installed a lot of software!

Free space on the C: partition is low: 10,49% Space Free


Let's start by cleaning up the temporary files:

Step 1: TFC - Temp File Cleaner (by OldTimer)
Download TFC from one of the two links below:
http://oldtimer.geekstogo.com/TFC.exe
http://ottools.noahdfear.net/TFC.exe
Save the file to the Desktop.

The tool will restart the system: it is essential to save all work in progress.

Right-click TFC.exe and choose "Run as Administrator" to launch the tool.

The TFC main screen is displayed.

Click the Start button.

The tool will delete the temporary files of all users, which takes three minutes at most.

When it finishes, the program will display the list of folders emptied, as well as the amount of disk space freed.

Note the number shown in red at the very bottom: Total Files Cleaned = **,** mb, so you can send it in your reply.

The program will offer to restart the system ("The system requires a reboot to finish removing files"). Click Oui/Yes.



Next, clean up what MBAM detected (these are only inactive traces):

Step 2: No real-time monitoring processes
Disable the antivirus's resident module.
BitDefender: double-click the icon in the system tray (next to the clock), then in the "Antivirus" menu, in the "Resident" tab, uncheck the box in front of "Real-time protection enabled".


Step 3: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If harmful items were detected, click the "Remove Selected" button.
Wait patiently for the cleanup to finish without doing anything else.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 5: Results
Send in reply:
- the total of the items deleted by TFC.
- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Users\<yourprofile>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)

Post by snoopit31 » 31 Mar 2010, 10:18

Thank you for your reply, which I have just read.
I will put it into practice.
Indeed, I have quite a lot of software because I manage a website. So I use a local server to develop the changes. And I had problems with the latest version of easyphp, so I switched to wamp. With the software for cameras, mobile phones and devices borrowed for digitizing film photos, plus a few programs listed on 01.net that I am testing, it ends up being quite a lot, not to mention the ones installed originally that I cannot manage to uninstall completely (I still have symantec directories even though I uninstalled Norton a long time ago).
Now that I have more time, I plan to tidy up a bit between the software I use and the rest. But I will go step by step. As you advise, I will start by cleaning out the temporary files, which I have been trying to empty with Ccleaner without fully succeeding so far.

Sorry for the copy error. Here is the correct file.

Regards
Charles


OTL logfile created on: 26/03/2010 08:43:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Charles\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 23,59 Gb Free Space | 10,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 3,77 Gb Total Space | 0,10 Gb Free Space | 2,70% Space Free | Partition Type: FAT32

Computer Name: PC-FAMILIAL
Current User Name: Charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/26 08:42:10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Downloads\OTL.exe
PRC - [2010/03/17 21:55:26 | 001,612,616 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/03/17 21:55:22 | 001,087,864 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/03/16 13:59:31 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/20 15:59:34 | 001,120,704 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2004/01/09 04:56:00 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe
PRC - [2000/01/01 01:00:00 | 001,089,416 | ---- | M] (Code Systems Corporation) -- C:\Users\Charles\AppData\Local\Spoon\3.16.0.6\Spoon-Sandbox.exe


========== Modules (SafeList) ==========

MOD - [2010/03/26 08:42:10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Downloads\OTL.exe
MOD - [2010/03/17 21:55:15 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_extra.m32
MOD - [2010/03/17 21:55:15 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_net.m32
MOD - [2010/03/17 21:55:14 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_fragments.m32
MOD - [2010/03/17 21:55:14 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_nt.m32
MOD - [2010/03/17 21:55:14 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_base.m32
MOD - [2010/03/17 21:55:13 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll
MOD - [2010/03/17 21:55:13 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_registry.m32
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - [2010/03/17 21:55:26 | 001,612,616 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/23 14:45:26 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/23 13:33:42 | 001,141,200 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/07/26 08:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/22 03:30:20 | 004,493,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EasyPHP 2.0b1\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2006/05/09 17:24:54 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/09 04:56:00 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 21:55:27 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/03/17 21:55:27 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/03/17 21:55:25 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/01/21 14:15:02 | 000,058,624 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/01/12 12:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/19 16:04:00 | 000,072,200 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\BdfNdisf6.sys -- (BdfNdisf)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/22 08:22:06 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/09/01 14:24:34 | 000,118,536 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/07/24 11:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/07/15 02:05:52 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/09/22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/07/26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/03 18:53:58 | 000,021,672 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/07/03 18:53:58 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/06/10 20:22:52 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/06/02 14:19:16 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IkSysFlt)
DRV - [2008/06/02 14:19:12 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/02/05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/19 08:41:25 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/07/24 20:47:33 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 12:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 12:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 12:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/03/01 16:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/04 15:13:14 | 001,121,536 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/05/09 16:50:56 | 000,034,944 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2002/12/11 14:25:16 | 000,018,953 | ---- | M] (FreeBox SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fbxusb.sys -- (fbxusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 0F 01 AF 70 C4 CA 01 [binary data]
IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.sud-aerien.org/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..keyword.URL: "http //fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/16 14:01:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/03/24 17:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/25 19:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/25 19:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/03/16 14:01:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/17 22:00:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/16 14:02:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/03/17 22:00:47 | 000,000,000 | ---D | M]

[2009/12/17 19:14:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Extensions
[2009/12/17 19:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/07/09 20:27:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/03/26 08:09:45 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions
[2010/01/18 22:16:41 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/09/03 08:13:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/01 11:52:27 | 000,000,000 | ---D | M] (Codetch) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{420ed894-c19f-4318-a83f-bacae374db28}
[2010/01/23 00:32:23 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/16 09:24:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/06/29 11:00:06 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/12/07 09:26:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/02 22:43:36 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/02/16 09:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/01/14 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\crossftp@gmail.com
[2010/03/16 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\firebug@software.joehewitt.com
[2010/02/18 18:58:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\fr@dictionaries.addons.mozilla.org
[2010/02/13 18:55:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010/03/26 07:30:47 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\n1exwxno.default\extensions\staged-xpis
[2009/12/20 00:02:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mozilla\Sunbird\Profiles\jqqoda20.default\extensions
[2010/03/25 19:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/18 13:52:17 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2007/04/05 22:16:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/08/18 13:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/03/27 09:50:58 | 001,093,632 | ---- | M] (UNISYS France) -- C:\Program Files\Mozilla Firefox\plugins\npornap.dll
[2010/03/25 19:35:24 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/25 19:35:24 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/25 19:35:24 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/23 21:34:20 | 000,003,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml
[2010/03/25 19:35:24 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/25 19:35:24 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/04/17 21:00:09 | 000,305,710 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10527 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - No CLSID value found.
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.16.lnk = C:\Users\Charles\AppData\Local\Spoon\3.16.0.6\Spoon-Sandbox-Native.exe ()
O4 - Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.19.lnk = C:\Users\Charles\AppData\Local\Spoon\3.19.0.5\Spoon-Sandbox-Native.exe ()
O4 - Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513615021-1546154329-1706228114-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Fac ... oader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resourc ... dfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/Act ... Client.CAB (FixItClient Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Fac ... loader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9354616827 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.mypix.com/fr/fr/importer/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Charles\1972_08_Afghanistan\Lacs\lacs05.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Charles\1972_08_Afghanistan\Lacs\lacs05.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0571684f-5afa-11dd-86d0-0019db37a5ae}\Shell\AutoRun\command - "" = O:\setupSNK.exe -- File not found
O33 - MountPoints2\{3bea3765-e47c-11db-b156-00038a000015}\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found
O33 - MountPoints2\{80c69366-9797-11dc-9171-0019db37a5ae}\Shell - "" = Autorun
O33 - MountPoints2\{80c69366-9797-11dc-9171-0019db37a5ae}\Shell\AutoRun\command - "" = G:\PicasaCD.exe -- File not found
O33 - MountPoints2\{89940ebe-53d4-11dc-9f1d-0019db37a5ae}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{9dbe7891-4de1-11dd-8838-0019db37a5ae}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/04 02:20:16 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/25 22:40:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/25 22:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/25 22:32:25 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2010/03/25 22:32:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/25 22:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/25 22:32:15 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/25 22:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 22:29:13 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Charles\Desktop\mbam-setup.exe
[2010/03/25 20:46:05 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/25 19:20:28 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/03/24 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Charles\FreeGo\Documents\Downloads
[2010/03/23 21:36:53 | 000,000,000 | ---D | C] -- C:\Users\Charles\FreeGo\Documents\MyHeritage
[2010/03/23 21:36:53 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\MyHeritage
[2010/03/23 21:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MyHeritage
[2010/03/23 21:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Family Toolbar
[2010/03/23 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/03/23 21:32:48 | 000,000,000 | ---D | C] -- C:\MyHeritage
[2010/03/23 19:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GeneaSoft par GeneaNet
[2010/03/22 20:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\GeneaSoft par GeneaNet
[2010/03/21 22:37:36 | 000,000,000 | ---D | C] -- C:\Users\Charles\GenWEB
[2010/03/17 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\BitDefender
[2010/03/17 21:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/03/17 21:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/03/17 21:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/03/16 14:02:43 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Real
[2010/03/16 14:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/10 18:02:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/10 18:02:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/03 08:32:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/02/27 18:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/24 10:24:56 | 000,000,000 | ---D | C] -- C:\Users\Charles\FreeGo\Documents\gegl-0.0
[2010/02/24 10:10:46 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 10:10:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 10:10:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 10:10:14 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 10:10:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 10:10:13 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 10:10:12 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 10:10:12 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 10:10:12 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 10:10:12 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 10:10:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 10:10:09 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 10:10:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 10:10:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/26 08:45:18 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6425341D-ECBC-4E7F-A6F3-A42BFB0195A7}.job
[2010/03/26 08:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD756C55-62FC-49C2-85E5-823B7292BE01}.job
[2010/03/26 08:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{706B5556-6A8B-499E-A849-644FD7F9F7D0}.job
[2010/03/26 08:44:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F440EDDD-108C-4455-AA69-8B7B07E5EAC9}.job
[2010/03/26 08:43:16 | 008,912,896 | -HS- | M] () -- C:\Users\Charles\ntuser.dat
[2010/03/26 08:03:02 | 000,052,813 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/26 08:03:01 | 000,052,813 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/26 08:02:44 | 000,224,064 | ---- | M] () -- C:\Users\Charles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/26 07:45:29 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/26 07:43:02 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 07:43:02 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 07:42:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/26 07:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/26 07:41:49 | 000,670,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/26 07:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Charles\ntuser.dat{a7925937-8996-11dd-979d-0019db37a5ae}.TMContainer00000000000000000001.regtrans-ms
[2010/03/26 07:40:09 | 000,065,536 | -HS- | M] () -- C:\Users\Charles\ntuser.dat{a7925937-8996-11dd-979d-0019db37a5ae}.TM.blf
[2010/03/26 07:39:47 | 004,695,354 | -H-- | M] () -- C:\Users\Charles\AppData\Local\IconCache.db
[2010/03/25 22:35:00 | 000,000,876 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/25 22:34:55 | 000,000,696 | ---- | M] () -- C:\Users\Charles\Desktop\NTREGOPT.lnk
[2010/03/25 22:34:55 | 000,000,677 | ---- | M] () -- C:\Users\Charles\Desktop\ERUNT.lnk
[2010/03/25 22:32:22 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 22:29:20 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Charles\Desktop\mbam-setup.exe
[2010/03/25 22:20:12 | 000,020,058 | ---- | M] () -- C:\Users\Charles\FreeGo\Documents\cc_20100325_222007.reg
[2010/03/25 20:44:53 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/25 19:10:01 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/03/24 08:21:09 | 000,001,356 | ---- | M] () -- C:\Users\Charles\AppData\Local\d3d9caps.dat
[2010/03/23 21:35:45 | 000,012,027 | ---- | M] () -- C:\Users\Charles\.recently-used.xbel
[2010/03/22 20:44:03 | 000,000,937 | ---- | M] () -- C:\Users\Charles\Desktop\GeneaSoft par GeneaNet.lnk
[2010/03/22 00:59:11 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010/03/20 17:33:24 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/20 09:42:01 | 000,000,004 | ---- | M] () -- C:\Windows\System32\aspdict-en.dat
[2010/03/20 09:42:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\as2features.dat
[2010/03/20 09:42:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\as2clusters.dat
[2010/03/19 10:26:10 | 000,000,025 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\bdfvconp.ini
[2010/03/18 10:47:26 | 000,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2010/03/18 09:36:32 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010/03/18 06:38:06 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac65d2fbb4265.job
[2010/03/17 21:55:25 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfm.sys
[2010/03/17 21:55:25 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdhv.sys
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wsbl.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_unmip.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_histprot.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_white.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_summ.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_spoof.sig
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_sign.slf
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_fuzzy.sig
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_black.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords2.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_sign.slf
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ab_sbl.sig
[2010/03/17 21:52:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ab_bl.sig
[2010/03/17 21:25:15 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Total Security 2010.lnk
[2010/03/17 21:11:21 | 000,302,812 | ---- | M] () -- C:\BdUninstallTool2010.03.17-09.05.20.reg
[2010/03/17 21:06:24 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2010/03/17 18:13:20 | 000,001,054 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.16.lnk
[2010/03/16 14:01:55 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Jeux et musique gratuits.lnk
[2010/03/16 14:01:55 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/03/16 14:01:38 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/03/16 14:00:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/03/16 14:00:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/03/16 13:59:39 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/03/09 09:11:20 | 000,005,700 | ---- | M] () -- C:\Users\Charles\FreeGo\Documents\cc_20100309_091115.reg
[2010/03/08 21:42:59 | 000,001,633 | ---- | M] () -- C:\Users\Charles\Desktop\CCleaner.lnk
[2010/03/07 17:04:54 | 001,497,408 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/07 17:04:54 | 000,680,394 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/07 17:04:54 | 000,595,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/07 17:04:54 | 000,128,514 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/07 17:04:54 | 000,105,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/06 09:39:35 | 000,001,054 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.19.lnk
[2010/03/03 13:29:07 | 000,000,470 | ---- | M] () -- C:\Windows\System32\BDUpdateV1.xml
[2010/03/02 20:57:27 | 000,000,487 | ---- | M] () -- C:\Windows\win.ini
[2010/02/27 18:52:43 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/02/27 18:43:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/27 18:43:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/27 18:43:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/27 18:43:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/26 01:25:29 | 000,002,330 | ---- | M] () -- C:\Users\Charles\FreeGo\Documents\cc_20100226_012524.reg
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/25 22:35:00 | 000,000,876 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/25 22:34:55 | 000,000,696 | ---- | C] () -- C:\Users\Charles\Desktop\NTREGOPT.lnk
[2010/03/25 22:34:55 | 000,000,677 | ---- | C] () -- C:\Users\Charles\Desktop\ERUNT.lnk
[2010/03/25 22:32:22 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 22:20:09 | 000,020,058 | ---- | C] () -- C:\Users\Charles\FreeGo\Documents\cc_20100325_222007.reg
[2010/03/23 21:35:45 | 000,012,027 | ---- | C] () -- C:\Users\Charles\.recently-used.xbel
[2010/03/22 20:44:03 | 000,000,937 | ---- | C] () -- C:\Users\Charles\Desktop\GeneaSoft par GeneaNet.lnk
[2010/03/20 09:42:01 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010/03/20 09:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\as2features.dat
[2010/03/20 09:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\as2clusters.dat
[2010/03/19 10:26:10 | 000,000,025 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\bdfvconp.ini
[2010/03/18 10:47:26 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010/03/18 09:36:32 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010/03/18 06:38:06 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac65d2fbb4265.job
[2010/03/17 21:55:44 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ashttpstats.csv
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_spoof.sig
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_sign.slf
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_fuzzy.sig
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_sign.slf
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ab_sbl.sig
[2010/03/17 21:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ab_bl.sig
[2010/03/17 21:25:15 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Total Security 2010.lnk
[2010/03/17 21:05:24 | 000,302,812 | ---- | C] () -- C:\BdUninstallTool2010.03.17-09.05.20.reg
[2010/03/16 14:01:55 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Jeux et musique gratuits.lnk
[2010/03/16 14:01:55 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/03/16 13:57:50 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/03/09 09:11:18 | 000,005,700 | ---- | C] () -- C:\Users\Charles\FreeGo\Documents\cc_20100309_091115.reg
[2010/03/06 09:39:35 | 000,001,054 | ---- | C] () -- C:\
snoopit31
 
Posts: 7
Joined: 25 Mar 2010, 23:36

Post by snoopit31 » 31 Mar 2010, 14:59

Hello,

I cleaned out my temporary files with TFC. I had a problem, because it crashed the first time while cleaning a user session. After restarting the PC I ran it again, and TFC seemed to be looping on the third user, since the tool ran for more than 3 minutes without making progress. I clicked Exit and the program started working again and ran to the end. But since I had clicked Exit, it closed automatically before I had time to note the number of files cleaned. However, comparing the free space on drive C before and after, at least 4.6 GB was freed.

I then removed the infected files with Malwarebytes; I am pasting the report below.
After this cleanup, what should I do to improve how the PC runs? However many programs I remove from startup in the selection Windows offers me, I find it is still a bit slow and that there is a lot of hard disk activity, which I can hear!
Thanks again for your first pieces of advice.
To be continued
Charles

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

31/03/2010 15:04:50
mbam-log-2010-03-31 (15-04-50).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 142464
Temps écoulé: 9 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\RegistryDoktor 4.1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Post by nickW » 02 Apr 2010, 00:47

Good evening,

To remove the Symantec (Norton) components, see: Download and run the Norton removal tool
http://service1.symantec.com/SUPPORT/IN ... 4110429924


You should install the latest version of Sun Java:
Current version: Java SE Runtime Environment (JRE) 6 Update 19 - JRE 6 Update 19
*- http://java.sun.com/javase/downloads/index.jsp

In the "Java Platform, Standard Edition" section, click the [image] button (Download JRE).

On the next page, in the "Provide Information, then Continue to Download" section, choose the platform (Windows/Windows x64), tick the box in front of "I agree to the Java SE Runtime Environment 6u19 with JavaFX 1 License Agreement.", then click the Continue >> button.

On the new page, under "Windows Offline Installation", download the file jre-6u19-windows-i586.exe, 15.54 MB


Then you can uninstall, via Add/Remove Programs:
*- pdfforge Toolbar v1.1.1
*- all versions of Sun Java older than the latest one installed above


You could change the startup type of some services:
*- TomTom (which is set to Automatic, and could be set to Manual)
*- EasyPHP (which is set to Automatic, and could be set to Disabled if you no longer use EasyPHP)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Thanks for the advice and tools

Post by snoopit31 » 14 Apr 2010, 20:22

Hello,

I applied your advice and the PC is doing better. But it is still not quite right, because it launches hard disk checks at startup.
Yet in the end, the hard disk has no problem!
I have had this PC for 3 years; could it already be getting old?

Thanks again for your advice and for pointing me to effective tools.

Charles

Post by nickW » 15 Apr 2010, 23:28

Good evening,

Listing a Registry key and checking the "dirty bit" value on both partitions:


Step 1: Creating the liste.bat file
Open a Notepad window via Start---->All Programs---->Accessories---->Run, type notepad, then click OK
Copy/paste the lines below (from the white area under "Code:") into this Notepad window.
Code:
fsutil dirty query C: > c:\fsutil1.txt
fsutil dirty query N: > c:\fsutil2.txt
copy c:\fsutil1.txt + c:\fsutil2.txt  C:\fsutil.txt
del c:\fsutil1.txt
del c:\fsutil2.txt



Check (in the Format menu) that "Word Wrap" is not active (not ticked), as shown here:
[image]

Save the file on the Desktop as liste.bat
Warning: the extension must be .bat; choose "All Files" in the "Save as type" drop-down list in the "Save As..." dialog, as shown here:
[image]

Close Notepad.

The file created this way must have this icon: [image]

If the extension is .bat.txt, rename the file to .bat


Step 2: Using the liste.bat file
Double-click liste.bat
A small window with a black background will open and then disappear very quickly.


Step 3: OTL (by OldTimer), scan
Right-click OTL.exe and choose "Run as administrator" to launch the tool.

The OTL main screen appears:
[image]

Click the None button:
[image]

In the Custom Scans/Fixes section, copy/paste the line from the white area under "Code:" below:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager



Then click the Run Scan button:
[image]

Let the tool work without interrupting it (it is very quick).
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 4: Results
Send in your reply:
*- the result of running liste.bat (contents of the file C:\fsutil.txt)
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).

To be continued,
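The check described in steps 1 to 3 of the post above can also be collected in one pass; this is an added example, not part of the original post or of OTL. The volumes C: and N: and the Session Manager key come from the post; the output path under %TEMP%, the elevation test and the focus on the BootExecute value (the multi-string under that key that schedules autochk at boot, not named in the post) are assumptions.

```powershell
# Added example: run from an elevated PowerShell session.
$volumes = 'C:', 'N:'                          # the two partitions named in the post
$report  = Join-Path $env:TEMP 'fsutil.txt'    # assumed output location

# fsutil needs administrative rights; stop early with a clear message otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: restart PowerShell with "Run as administrator".'
}

$lines = @(foreach ($v in $volumes) {
    # fsutil prints a localized sentence, so it is kept verbatim rather than parsed.
    $out = & fsutil.exe dirty query $v 2>&1
    '{0} (exit code {1}): {2}' -f $v, $LASTEXITCODE, ($out -join ' ')
})

# BootExecute is a REG_MULTI_SZ; the Windows default is the single entry below.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$boot = @((Get-ItemProperty -Path $key -Name BootExecute).BootExecute)
$lines += 'BootExecute:'
$lines += $boot | ForEach-Object { "  $_" }
if (($boot -join "`n") -ne 'autocheck autochk *') {
    $lines += 'BootExecute differs from the default "autocheck autochk *".'
}

$lines | Set-Content -Path $report -Encoding UTF8
Get-Content -Path $report
```

Extra entries in BootExecute, or a volume reported as dirty on every run, are the two things to look at when a disk check starts at each boot.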

