[OK] analyse par otl et malaware

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[OK] analyse par otl et malaware

Messagede 0smoz » 01 Mai 2010, 17:34

bonjour a tous
voila après un virus chopper via Facebook (virus éliminer je pense)
j ai les soucis suivant:

=> crach a répétition de mozilla
=> crach de mon explorer.exe (donc perte de mon bureau) ce qui est assez ennuyeux

j espère avoir des réponses des génies que vous étés


Mon PC

  • Système d'exploitation + version :

    • Windows Xp edition familliale
    • SP3...
  • Configuration sécurité
    • Pare-feu + version window + Bitdefender
      ...
    • Antivirus BitDefender
      ...
  • Configuration optimisation système
    • Nettoyeur fichiers Ccleaner??
      ...
    • Nettoyeur registre Ccleaner??
      ...
  • Navigation internet
    • Type de connexion adsl fibre optique
      ...
    • Navigateur FireFox
      ...
    • Messagerie instantanée Msn
      ......




les log's pour malaware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4057

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/05/2010 18:09:28
mbam-log-2010-05-01 (18-09-28).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 125759
Temps écoulé: 13 minute(s), 31 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}\components\RwAoqp.dll (Adware.BHO) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\GroupPolicyManifest (Worm.Archive) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Sebastien\Local Settings\Application Data\cwogy_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Sebastien\Local Settings\Application Data\cwogy_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Sebastien\Local Settings\Application Data\cwogy.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Sebastien\Local Settings\Application Data\wgwys_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}\components\RwAoqp.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\1.music.mp3 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\1.music.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\10.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\10.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\8.mpgvideo.mpg (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> No action taken.
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede 0smoz » 01 Mai 2010, 17:36

les log OTL.txr

OTL logfile created on: 01/05/2010 18:12:33 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Sebastien\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 42,51 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
Drive F: | 298,09 Gb Total Space | 0,93 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAVIER
Current User Name: Sebastien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/01 17:43:14 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastien\Bureau\OTL.exe
PRC - [2010/04/27 10:17:34 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam2\steam.exe
PRC - [2010/04/13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/01 20:01:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2009/11/06 16:58:02 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009/11/04 21:36:05 | 002,923,192 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/10/06 21:19:36 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/04/10 19:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/18 15:37:52 | 001,179,648 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/09/04 19:11:34 | 000,368,640 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
PRC - [2008/08/29 15:46:10 | 001,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 16:46:32 | 000,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/03/28 01:07:42 | 000,593,920 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/02/28 10:55:18 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/02/09 17:03:38 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
PRC - [2005/06/23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
PRC - [2005/01/25 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
PRC - [2004/08/28 10:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 10:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/16 16:08:56 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2004/07/13 21:51:04 | 000,892,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/04/30 11:14:50 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe
PRC - [2004/04/27 14:50:38 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
PRC - [2004/04/22 16:23:44 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/02/12 11:43:56 | 001,019,904 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\PadTouch\PadExe.exe
PRC - [2003/09/15 17:19:16 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/01 17:43:14 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastien\Bureau\OTL.exe
MOD - [2010/04/04 01:45:33 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2009/02/27 07:29:00 | 000,204,800 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\NetProvCredMan.dll
MOD - [2009/02/19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/02/19 00:26:28 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/08/14 09:14:14 | 000,079,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
MOD - [2008/04/14 04:33:36 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 04:33:35 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 04:33:35 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 04:33:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 04:33:23 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 04:33:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 20:36:46 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2004/04/22 16:23:36 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (winvnc)
SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [On_Demand | Stopped] -- -- (usnjsvc)
SRV - File not found [Auto | Stopped] -- -- (repeater_service)
SRV - [2010/03/16 23:48:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/10/06 21:19:36 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2009/04/21 15:36:50 | 000,216,232 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/18 15:37:52 | 001,179,648 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/29 15:46:10 | 001,261,568 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV)
SRV - [2008/08/29 15:01:16 | 000,151,552 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/11/27 16:46:32 | 000,086,016 | ---- | M] (BitDefender) [Auto | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/28 10:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2002/07/23 05:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2009/12/03 12:17:48 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2009/10/06 21:19:36 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2009/04/21 15:39:26 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 14:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/25 15:40:56 | 000,156,688 | ---- | M] (BitDefender SRL) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2008/01/16 14:12:10 | 000,008,320 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys -- (BDSelfPr)
DRV - [2008/01/07 17:41:34 | 000,196,368 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Pilote de carte Intel(R)
DRV - [2007/08/21 19:17:28 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/12 00:32:44 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2007/07/10 07:00:42 | 000,036,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2007/03/06 18:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 18:49:20 | 000,491,168 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2006/09/05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006/09/05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 19:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006/09/05 19:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006/09/05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006/09/05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006/09/05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006/02/17 21:26:42 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530obex.sys -- (z530obex)
DRV - [2006/02/17 21:26:40 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530mgmt.sys -- (z530mgmt) Sony Ericsson Z530 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/17 21:26:36 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530mdm.sys -- (z530mdm)
DRV - [2006/02/17 21:26:34 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530mdfl.sys -- (z530mdfl)
DRV - [2006/02/17 21:26:30 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530bus.sys -- (z530bus) Sony Ericsson Z530 Driver driver (WDM)
DRV - [2005/12/13 19:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/30 11:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/02 13:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/07/26 14:28:02 | 000,004,352 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/06/26 16:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 16:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/05/28 11:45:02 | 000,390,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/04/22 16:18:48 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/04/14 14:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/03/09 20:28:38 | 000,680,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/05 19:53:00 | 000,068,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/27 13:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 19:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/10 16:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/11/05 16:00:46 | 000,039,424 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 2F 93 C5 E0 DF CA 01 [binary data]
IE - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: {bbec3a46-c2e4-ff61-76d2-19a319ec0628}:4.6.6.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: fr-reforme1990@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/05 10:11:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/19 18:40:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 22:40:51 | 000,000,000 | ---D | M]

[2010/04/19 18:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Extensions
[2009/04/22 11:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/01 11:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions
[2010/04/28 08:22:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 23:40:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/01 11:08:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/19 19:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/04/22 16:08:43 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/27 00:04:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/19 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Mozilla\Firefox\Profiles\fth0ooj0.default\extensions\fr-reforme1990@dictionaries.addons.mozilla.org
[2010/05/01 00:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:56:48 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}
[2010/04/27 22:40:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008/02/28 13:11:00 | 000,470,016 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/04 21:36:05 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/25 10:07:00 | 000,392,675 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13563 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (installnetworkonline) - {63f38a2c-25e6-b425-da1a-bf572625ae32} - C:\WINDOWS\system32\yNd-rJAu6dN_M.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-781CD0E19F00} - No CLSID value found.
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006..\Run: [Sonic RecordNow!] File not found
O4 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006..\Run: [Steam] c:\program files\steam2\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Sebastien\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-bdcf6aa14ff82fe1.spaces.live ... nPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\cryptnet32.dll) - C:\WINDOWS\System32\cryptnet32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\704fb8b7509: DllName - C:\WINDOWS\System32\cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sebastien\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sebastien\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/24 08:23:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\Shell - "" = AutoRun
O33 - MountPoints2\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\Shell\Auto\command - "" = KM.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/24 08:22:57 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/01 17:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/01 17:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/01 17:49:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Sebastien\Bureau\erunt-setup.exe
[2010/05/01 17:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebastien\Application Data\Malwarebytes
[2010/05/01 17:47:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 17:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/01 17:47:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/01 17:44:14 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sebastien\Bureau\mbam-setup.exe
[2010/05/01 17:43:13 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sebastien\Bureau\OTL.exe
[2010/04/30 12:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\BOINC
[2010/04/30 12:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2010/04/27 22:40:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/27 22:40:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/27 22:40:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/27 22:40:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/25 01:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sebastien\Recent
[2010/04/24 00:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebastien\Local Settings\Application Data\Temp
[2010/04/24 00:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/16 18:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2010/04/15 19:33:58 | 000,000,000 | ---D | C] -- C:\Pass Revelator
[2010/04/14 20:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote
[2010/04/13 12:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebastien\Bureau\Custodia Anti-Cheat
[2010/04/11 12:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/11 12:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/04/11 12:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/11 11:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebastien\Local Settings\Application Data\Conduit
[2010/04/11 11:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/11 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebastien\Local Settings\Application Data\Vuze_Remote
[2010/04/11 11:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2010/04/09 18:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebastien\Application Data\vlc
[2010/04/01 19:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/01 18:14:01 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 18:11:42 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/05/01 17:51:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Sebastien\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/01 17:50:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Sebastien\Bureau\NTREGOPT.lnk
[2010/05/01 17:50:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Sebastien\Bureau\ERUNT.lnk
[2010/05/01 17:49:07 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Sebastien\Bureau\erunt-setup.exe
[2010/05/01 17:47:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/01 17:44:29 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sebastien\Bureau\mbam-setup.exe
[2010/05/01 17:43:14 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastien\Bureau\OTL.exe
[2010/05/01 17:05:37 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Sebastien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 14:06:05 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/01 14:05:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/01 14:05:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/30 18:32:54 | 023,855,104 | -H-- | M] () -- C:\Documents and Settings\Sebastien\NTUSER.DAT
[2010/04/30 18:32:28 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Sebastien\ntuser.ini
[2010/04/30 18:31:16 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:56:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/27 23:15:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/04/25 22:51:14 | 005,365,879 | ---- | M] () -- C:\Documents and Settings\Sebastien\Mes documents\record-1004252011-de_nuke.rar
[2010/04/25 22:50:33 | 032,111,425 | ---- | M] () -- C:\Documents and Settings\Sebastien\Mes documents\record-1004252011-de_nuke.dem
[2010/04/25 10:07:00 | 000,392,675 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/24 11:15:20 | 000,005,959 | ---- | M] () -- C:\Documents and Settings\Sebastien\Mes documents\server.cfg
[2010/04/24 00:08:57 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\Sebastien\Bureau\DivX Movies.lnk
[2010/04/24 00:08:19 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/04/24 00:07:54 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/04/22 11:20:41 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Steam.lnk
[2010/04/19 19:33:42 | 000,391,917 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-100700.backup
[2010/04/19 19:15:47 | 000,000,707 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100419-193342.backup
[2010/04/19 18:39:11 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/04/19 17:56:49 | 000,111,808 | ---- | M] () -- C:\WINDOWS\System32\J_L-HKMt-H9G6D_.exe
[2010/04/18 20:01:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/04/18 19:51:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/14 23:19:46 | 000,006,405 | ---- | M] () -- C:\Documents and Settings\Sebastien\style.php
[2010/04/13 20:10:48 | 001,327,104 | ---- | M] () -- C:\WINDOWS\System32\yNd-rJAu6dN_M.dll
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/11 11:35:59 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Vuze.lnk
[2010/04/10 21:25:13 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Sebastien\Bureau\aequitas.ini
[2010/04/09 18:25:37 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/05 01:52:08 | 002,108,634 | -H-- | M] () -- C:\Documents and Settings\Sebastien\Local Settings\Application Data\IconCache.db
[2010/04/04 21:14:17 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mumble (Backwards Compatible).lnk
[2010/04/04 21:14:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mumble.lnk
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 17:51:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Sebastien\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/01 17:50:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Sebastien\Bureau\NTREGOPT.lnk
[2010/05/01 17:50:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Sebastien\Bureau\ERUNT.lnk
[2010/05/01 17:47:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/25 22:50:54 | 005,365,879 | ---- | C] () -- C:\Documents and Settings\Sebastien\Mes documents\record-1004252011-de_nuke.rar
[2010/04/25 22:50:22 | 032,111,425 | ---- | C] () -- C:\Documents and Settings\Sebastien\Mes documents\record-1004252011-de_nuke.dem
[2010/04/24 11:13:13 | 000,005,959 | ---- | C] () -- C:\Documents and Settings\Sebastien\Mes documents\server.cfg
[2010/04/24 00:08:57 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Sebastien\Bureau\DivX Movies.lnk
[2010/04/24 00:08:19 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2010/04/24 00:07:54 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2010/04/24 00:05:22 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/04/24 00:04:17 | 000,001,060 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 00:04:16 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/20 00:13:57 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Sebastien\Bureau\Internet Explorer.lnk
[2010/04/19 18:39:11 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/04/19 18:13:36 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Sebastien\site.txt
[2010/04/19 14:19:33 | 000,111,808 | ---- | C] () -- C:\WINDOWS\System32\J_L-HKMt-H9G6D_.exe
[2010/04/16 11:44:51 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Sebastien\secou msn.txt
[2010/04/15 02:56:21 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Sebastien\code support.txt
[2010/04/14 23:19:46 | 000,006,405 | ---- | C] () -- C:\Documents and Settings\Sebastien\style.php
[2010/04/13 20:10:48 | 001,327,104 | ---- | C] () -- C:\WINDOWS\System32\yNd-rJAu6dN_M.dll
[2010/04/09 18:25:37 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/04 21:14:17 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mumble (Backwards Compatible).lnk
[2010/04/04 21:14:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mumble.lnk
[2009/10/06 21:19:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2009/10/06 21:19:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2009/10/06 21:19:36 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2009/10/06 21:19:36 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2009/10/04 23:45:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/05/06 16:36:14 | 000,000,789 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/28 14:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009/04/15 00:19:21 | 000,000,237 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/04/15 00:18:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009/04/15 00:18:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009/04/15 00:16:43 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009/03/07 17:26:42 | 000,015,581 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/07 17:24:46 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/02 12:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009/01/14 15:30:07 | 000,995,328 | ---- | C] () -- C:\WINDOWS\System32\ChartSuite.dll
[2009/01/14 14:58:56 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2008/12/29 02:38:42 | 000,009,677 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2008/07/04 11:44:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2008/07/04 11:41:11 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008/06/01 14:17:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2008/03/24 19:53:16 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/03/24 19:07:14 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/21 09:52:38 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/03/20 11:22:34 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/03/19 23:01:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED68PE.ini
[2008/03/19 20:09:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/03/06 16:49:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004/08/24 10:24:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/24 10:16:57 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2004/08/24 10:01:31 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/24 09:50:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/24 09:50:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/24 09:50:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/24 09:50:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/24 09:50:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/24 09:50:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/24 09:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/24 09:38:55 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/08/24 09:29:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2004/08/24 09:29:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/24 09:25:56 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/24 09:25:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/24 09:25:56 | 000,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/24 09:25:56 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/24 09:19:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/08/24 09:13:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/08/24 08:28:45 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/24 08:05:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2004/08/24 08:05:29 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/20 10:50:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/07/12 23:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede 0smoz » 01 Mai 2010, 17:41

suite log OTL


========== LOP Check ==========

[2008/03/20 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/09/26 01:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/05/01 14:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/06/01 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/01/31 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2008/03/20 20:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/11/02 18:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/12/26 13:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/04/28 14:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/03/15 21:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/11/04 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/11/04 21:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/11/28 21:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/09/03 20:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/10/26 19:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/24 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/01/03 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2009/10/26 19:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2004/08/24 09:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/11/13 00:05:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sebastien\Application Data\.#
[2010/05/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Azureus
[2006/09/26 01:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Bitdefender
[2008/05/01 00:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Camfrog
[2010/03/18 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/25 23:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\FileZilla
[2008/12/18 02:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\FireShot
[2008/12/06 01:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\gtk-2.0
[2010/04/29 21:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\HLSW
[2010/01/25 18:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\HTML Executable
[2008/12/26 00:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\ICQLite
[2008/10/29 11:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\InterVideo
[2008/09/04 10:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Leadertech
[2009/04/22 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\LimeWire
[2008/03/20 10:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\ma-config.com
[2010/04/04 21:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Mumble
[2009/03/08 12:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\NetMedia Providers
[2010/03/02 17:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Octoshape
[2010/02/20 21:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\pokerth
[2008/11/28 21:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Publish Providers
[2009/12/07 19:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\QuickScan
[2010/04/19 18:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\RayV
[2010/03/06 11:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\shockvoice
[2008/11/28 21:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Sony
[2008/10/22 17:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Sony Setup
[2009/11/13 00:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Tactical Coders
[2008/11/21 00:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\TeamViewer
[2009/03/02 11:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Teleca
[2004/08/24 09:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\toshiba
[2009/04/24 03:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebastien\Application Data\Uniblue
[2008/03/06 12:12:40 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


<MD5>
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/26 11:48:57 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/26 11:48:57 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/26 11:48:57 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/26 11:48:57 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/05 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

<MD5>
[2004/08/05 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>
[2010/03/10 08:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
<End>
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede 0smoz » 01 Mai 2010, 17:42

Log Extras

OTL Extras logfile created on: 01/05/2010 18:12:33 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Sebastien\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 42,51 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
Drive F: | 298,09 Gb Total Space | 0,93 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAVIER
Current User Name: Sebastien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4130127721-353058759-2456171261-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6881:TCP" = 6881:TCP:*:Enabled:azureus
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"56133:TCP" = 56133:TCP:*:Enabled:Pando Media Booster
"56133:UDP" = 56133:UDP:*:Enabled:Pando Media Booster
"6891:TCP" = 6891:TCP:*:Enabled:1
"6891:UDP" = 6891:UDP:*:Enabled:2
"1863:TCP" = 1863:TCP:*:Enabled:3
"1863:UDP" = 1863:UDP:*:Enabled:4
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\GaNja`Script\mirc.exe" = C:\Program Files\GaNja`Script\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found
"F:\Azureus\Azureus.exe" = F:\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"E:\Azureus\Azureus.exe" = E:\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Steam\steamapps\0smoz62\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\0smoz62\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\HLSW\hlsw.exe" = C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC -- (Microsoft Corporation)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:Serveur VNC pour Win32 -- File not found
"C:\Program Files\UltraVNC\repeater.exe" = C:\Program Files\UltraVNC\repeater.exe:*:Enabled:Répétiteur pour UltraVNC -- File not found
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:VNCViewer -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Documents and Settings\Sebastien\temp\TeamViewer3\TeamViewer.exe" = C:\Documents and Settings\Sebastien\temp\TeamViewer3\TeamViewer.exe:*:Disabled:Application de pilotage à distance TeamViewer -- File not found
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Documents and Settings\Sebastien\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Sebastien\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Steam\steamapps\0smoz62\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\0smoz62\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\0smoz62\condition zero deleted scenes\hl.exe" = C:\Program Files\Steam\steamapps\0smoz62\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\aMSN1\amsn.exe" = C:\Program Files\aMSN1\amsn.exe:*:Enabled:aMSN -- File not found
"C:\Program Files\aMSN1\bin\wish.exe" = C:\Program Files\aMSN1\bin\wish.exe:*:Enabled:Wish Application -- File not found
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Steam1\steamapps\0smoz62\counter-strike\hl.exe" = C:\Program Files\Steam1\steamapps\0smoz62\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- File not found
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- File not found
"C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe" = C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Steam2\steam.exe" = C:\Program Files\Steam2\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam2\steamapps\0smoz62\counter-strike\hl.exe" = C:\Program Files\Steam2\steamapps\0smoz62\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = Manuels TOSHIBA
"{19ABFD8F-CB86-4965-9282-047FC27084F1}" = SQLXML 3.0 SP3
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = Console TOSHIBA
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{48F9998C-3BA0-42D3-82E6-5882441EB8CE}" = Adobe Flash CS4 STI-fr
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Edition Découverte 3.0
"{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}" = Decal Converter
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F1ECBFB-048E-406E-A7AB-A81F9E359961}" = Sony Ericsson Media Manager 1.2
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F06A42D-525C-49ED-8622-E16790956CD8}" = Ma-Config.com plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.5.06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
"{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = Pilote du DVD-RAM
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-06-04
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13F5727-F12F-4253-B6AD-26AFA880B709}" = Sony Media Manager 2.0
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD423B54-8668-44B6-8610-D24514445E88}" = Adobe Flash CS4 Extension - Flash Lite STI fr
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6E8173D-40EE-4998-B659-CA19F1F278BA}" = BitDefender Antivirus 2008
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}" = Ma-Config.com
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE6397C1-CECA-4EC3-B064-42AED7676898}" = Sony Ericsson PC Suite
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"DivX Setup.divx.com" = Configuration DivX
"DriverAgent" = DriverAgent Plugin for Netscape by TouchStone Software
"EncVorbis" = EncVorbis 1.1
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"ERUNT_is1" = ERUNT 1.1j
"ESD68 Guide d'utilisation" = ESD68 Guide d'utilisation
"FileZilla Client" = FileZilla Client 3.3.2.1
"GaNja`Script" = GaNja`Script
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"J_L-HKMt-H9G6D_" = LoudMo Contextual Ad Assistant
"JDSecure" = JD Secure 3.1
"legacyqcam_10.51" = Coffret de pilotes Labtec Legacy USB Camera
"Lexmark X1100 Series" = Lexmark X1100 Series
"lvdrivers_11.50" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.1-02-08-09-01" = OpenMG Limited Patch 3.1-02-12-04-01
"OpenMG HotFix3.1-02-08-15-01" = OpenMG Limited Patch 3.1-02-10-22-01
"OpenMG HotFix3.1-02-10-08-01" = OpenMG Limited Patch 3.1-02-10-22-02
"Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA
"Photo Viewer" = Photo Viewer 2.24
"PhotoFiltre" = PhotoFiltre
"Power Saver" = Gestion d'énergie TOSHIBA
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RadLight MPC DirectShow Filter" = RadLight MPC DirectShow Filter (remove only)
"Red Giant Datamator" = Red Giant Datamator
"Shockvoice Client_is1" = Shockvoice Client 0.9.3
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak Client_is1" = TeamSpeak Client
"TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"Update Service" = Update Service
"VideoMach 5.1.0" = VideoMach 5.1.0
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4130127721-353058759-2456171261-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/04/2010 16:42:56 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 09/04/2010 12:21:25 | Computer Name = FAVIER | Source = Application Hang | ID = 1002
Description = Application bloquée QuickTimePlayer.exe, version 7.66.71.0, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/04/2010 12:57:40 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante photoshop.exe, version 11.0.0.0, module défaillant
photoshop.exe, version 11.0.0.0, adresse de défaillance 0x00c902cf.

Error - 19/04/2010 08:28:29 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante powerarc.exe, version 11.0.3.4, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

Error - 25/04/2010 17:04:24 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante skplayer fr.exe, version 0.0.0.0, module défaillant
skplayer fr.exe, version 0.0.0.0, adresse de défaillance 0x00001500.

Error - 27/04/2010 04:53:38 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant DivXDec.ax, version 7.1.1.14, adresse de défaillance 0x000de9f4.

Error - 27/04/2010 16:56:38 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x06f49290.

Error - 28/04/2010 11:50:43 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x04f09294.

Error - 01/05/2010 06:01:28 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x06139292.

Error - 01/05/2010 06:01:37 | Computer Name = FAVIER | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

[ System Events ]
Error - 01/05/2010 12:04:46 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:04:49 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:04:53 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:04:57 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:05:01 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:05:05 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:05:13 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:05:17 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:05:21 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 01/05/2010 12:05:25 | Computer Name = FAVIER | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.


<End>

en vous disant merci d avance et en espérant n avoir rien oublier
Amicalement 0smoz
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede nickW » 01 Mai 2010, 23:55

Bonsoir,

Premiers nettoyages:


Étape 1: rkill (de Grinler), téléchargement
Remarque importante:
rkill est parfois, à tort, détecté comme nuisible. Si nécessaire, désactiver l'antivirus lors de son téléchargement.

Télécharger rkill via un clic droit suivi de Enregistrer la cible du lien sous ... depuis l'un des liens ci-dessous:

Lien 1
Lien 2
Lien 3
Lien 4

Enregistrer le fichier sur le Bureau.


Étape 2: Navilog1 (de IL-MAFIOSO), téléchargement
Télécharger Navilog1 par un clic droit sur le lien ci-dessous:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Enregistrer le fichier sur le Bureau.


Étape 3: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
FF - prefs.js..extensions.enabledItems: {bbec3a46-c2e4-ff61-76d2-19a319ec0628}:4.6.6.7
[2010/04/19 17:56:48 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}
O2 - BHO: (installnetworkonline) - {63f38a2c-25e6-b425-da1a-bf572625ae32} - C:\WINDOWS\system32\yNd-rJAu6dN_M.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-4130127721-353058759-2456171261-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O33 - MountPoints2\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\Shell - "" = AutoRun
O33 - MountPoints2\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\Shell\Auto\command - "" = KM.exe

:Commands
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: 0smoz.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 4: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image BitDefender: double clic sur l'icône dans la SysBarre (à coté de l'horloge), dans le menu "Antivirus", dans l'onglet "Résident", décocher la case située devant "Protection en temps réel activée"


Étape 5: Désinstallation
Démarrer-->Paramètres-->Panneau de Configuration-->Ajout/Suppression de programmes
Rechercher et désinstaller (si trouvé) Vuze Toolbar
Rechercher et désinstaller (si trouvé) Vuze_Remote Toolbar


Étape 6: Navilog1 (de IL-MAFIOSO), nettoyage
Fermer toutes les applications actives (comme traitement de texte, navigateur).
Faire un double clic sur le fichier Navilog1.exe présent sur le Bureau.

Suivre les indications affichées.
Sur le menu principal, choisir l'option 1 et valider.
(ne pas choisir l'option 2 sans mon avis/accord)

L'outil peut annoncer qu'il va effectuer un redémarrage du PC: Appuyer sur une touche comme demandé.
Si le PC ne redémarre pas automatiquement, lancer manuellement le redémarrage, en choisissant la session habituelle.

Attendre jusqu'au message :
*** Scan Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sous le nom navi1-100501.txt
Fermer le Bloc-notes.


Un dysfonctionnement des serveurs de free et/ou du forum m'empêche d'envoyer de "gros" messages. La suite est donc dans le message suivant.


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede nickW » 01 Mai 2010, 23:56

Un dysfonctionnement des serveurs de free et/ou du forum m'empêche d'envoyer de "gros" messages. Ceci est la suite du message précédent.


Étape 7: Pas de processus de contrôle en temps réel
Si un redémarrage s'est produit et si l'antivirus a été réactivé, il faut de nouveau le désactiver.


Étape 8: rkill (de Grinler), exécution
Faire un double clic sur le fichier rkill téléchargé pour lancer l'outil.

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
En fin d'exécution, enregistrer le fichier rkill.log

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution.

Si aucun des outils téléchargés depuis les quatre liens ci-dessus ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

Ne pas faire redémarrer le PC.


Étape 9: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image


Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 10: Pas de processus de contrôle en temps réel
Si un redémarrage s'est produit et si l'antivirus a été réactivé, il faut de nouveau le désactiver.


Étape 11: OTL (de OldTimer), correction

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 12: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 13: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 14: Résultats
Envoyer en réponse:
*- le rapport de Navilog1, Option 1 (contenu du fichier navi1-100501.txt)
*- le rapport de rkill (contenu du fichier rkill.log situé dans le dossier SystemDrive\)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.


Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede 0smoz » 02 Mai 2010, 10:34

bonjour bonjour

alors d abord un grand merci pour une réponse aussi rapide et claire

depuis que j ai suivi vos instruction, j ai récupérer un pc beaucoup plus rapide
et aussi aucun crache a remarque pour le moment

je vous tiendrais au courant des évolutions

en attendant voici les logs demandés

log rkill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Sebastien on 02/05/2010 at 10:54:17.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Sebastien\Bureau\rkill.scr


Rkill completed on 02/05/2010 at 10:54:26.
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede 0smoz » 02 Mai 2010, 10:36

logs OTL

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: {bbec3a46-c2e4-ff61-76d2-19a319ec0628}:4.6.6.7 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f38a2c-25e6-b425-da1a-bf572625ae32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f38a2c-25e6-b425-da1a-bf572625ae32}\ deleted successfully.
C:\WINDOWS\system32\yNd-rJAu6dN_M.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4130127721-353058759-2456171261-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4130127721-353058759-2456171261-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-4130127721-353058759-2456171261-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4130127721-353058759-2456171261-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files\Vuze_Remote\tbVuze.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72e0d65c-fa50-11dc-b11f-0018de2cec27}\ not found.
File KM.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2626170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 42404187 bytes

User: Sebastien
->Temp folder emptied: 5187885 bytes
->Temporary Internet Files folder emptied: 4492522 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33687308 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1930355 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 24553472 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2087 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23963526 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 133,00 mb


OTL by OldTimer - Version 3.2.4.0 log created on 05022010_111648

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede 0smoz » 02 Mai 2010, 10:37

log navi

Fix Navipromo version 4.0.8 commencé le 02/05/2010 10:31:39,40

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2050 @ 1.60GHz )
BIOS : BIOS Version 6.00
USER : Sebastien ( Administrator )
BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Not Activated)


C:\ (Local Disk) - NTFS - Total:93 Go (Free:42 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:298 Go (Free:0 Go)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\sebast~1\locals~1\applic~1\cwogy.dat supprimé !
c:\docume~1\sebast~1\locals~1\applic~1\cwogy_nav.dat supprimé !
c:\docume~1\sebast~1\locals~1\applic~1\cwogy_navps.dat supprimé !
c:\docume~1\sebast~1\locals~1\applic~1\wgwys_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Sebastien\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 02/05/2010 10:42:40,67 ***
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Messagede 0smoz » 02 Mai 2010, 10:47

log malaware

www.malwarebytes.org

Version de la base de données: 4058

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/05/2010 11:04:19
mbam-log-2010-05-02 (11-04-19).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 123237
Temps écoulé: 8 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}\components\RwAoqp.dll (Adware.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\extensions\{bbec3a46-c2e4-ff61-76d2-19a319ec0628}\components\RwAoqp.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\GroupPolicyManifest\1.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\1.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\10.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\10.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\8.mpgvideo.mpg (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
0smoz
 
Messages: 13
Inscription: 01 Mai 2010, 16:59

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 24 invités

cron